WO2019233204A1 - Method, apparatus and system for key management, storage medium, and computer device - Google Patents

Publication number
WO2019233204A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
application
authentication
key
public key
Application number
PCT/CN2019/083875
Inventor
晏鹏
白广元
Original Assignee
腾讯科技(深圳)有限公司
Application filed by 腾讯科技(深圳)有限公司
Priority to JP2020546477A (patent JP7297360B2)
Publication of WO2019233204A1
Priority to US16/926,317 (patent US11516020B2)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present application relates to the field of computer technology, and in particular, to a key management method, device, system, storage medium, and computer device.
  • each device manufacturer needs to separately establish a server for key management.
  • an interacting party that needs to use the device public key must request it from the server, which makes key management complex and inefficient.
  • a key management method applied to a terminal includes:
  • signature data of the device certificate is generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server;
  • the device private key and the device certificate are stored in the secure area.
  • a key management device includes:
  • a generating module for generating a device key including a device public key and a device private key in a local security zone
  • a sending module configured to send a local device parameter and the device public key to a certificate authentication server
  • a receiving module configured to receive a device certificate fed back by the certificate authentication server; signature data of the device certificate is generated by signing the device parameters and the device public key using an authentication private key of the certificate authentication server;
  • a storage module configured to store the device private key and the device certificate in the secure area.
  • a key management system includes a terminal and a certificate authentication server;
  • the terminal is configured to generate a device key including a device public key and a device private key in a local security area; and send the local device parameters and the device public key to the certificate authentication server;
  • the certificate authentication server is configured to feed back a device certificate to the terminal; signature data of the device certificate is generated by signing the device parameters and the device public key with the authentication private key of the certificate authentication server;
  • the terminal is further configured to store the device private key and the device certificate in the secure area.
  • a computer-readable storage medium stores a computer program.
  • when executed by a processor, the computer program causes the processor to perform the following steps:
  • signature data of the device certificate is generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server;
  • the device private key and the device certificate are stored in the secure area.
  • a computer device includes a memory and a processor.
  • the memory stores a computer program.
  • when executed by the processor, the computer program causes the processor to perform the following steps:
  • signature data of the device certificate is generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server;
  • the device private key and the device certificate are stored in the secure area.
  • in the above-mentioned key management method, device, system, storage medium, and computer equipment, the generation of the device key and the storage of the device private key and the device certificate are all performed in a local security area, ensuring the security of the device key and the device certificate;
  • the signature data in the device certificate is generated by signing the local device parameters and the device public key with the authentication private key of the certificate authentication server, which enhances the validity and credibility of the device certificate;
  • the device certificate is stored directly on the local device, which avoids the complicated and inconvenient key management and use caused by storing the device public key on a device other than the local one, making key management convenient and efficient.
  • a certificate verification method applied to a certificate authentication server includes:
  • the certificate chain includes an authentication certificate, a device certificate, and an application certificate;
  • the authentication private key corresponding to the authentication certificate is used to generate, by signing, the signature data of the device certificate;
  • the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate;
  • the device private key corresponding to the device certificate is used to generate, by signing, the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate;
  • a verification result indicating that the verification passed is fed back.
  • a certificate verification device includes:
  • a receiving module for receiving an application certificate verification request
  • an obtaining module configured to obtain a certificate chain corresponding to the application certificate verification request; the certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to generate, by signing, the signature data of the device certificate;
  • the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to generate, by signing, the signature data of the application certificate;
  • the device public key of the device certificate is used to decrypt the signature data of the application certificate;
  • a verification module configured to verify the device certificate and the application certificate according to an authentication public key of the authentication certificate in the certificate chain when an authentication certificate identical to the authentication certificate in the certificate chain exists locally;
  • a feedback module configured to feed back a verification result indicating that the verification passed when the device certificate and the application certificate are both verified.
  • a computer-readable storage medium stores a computer program.
  • when executed by a processor, the computer program causes the processor to perform the following steps:
  • the certificate chain includes an authentication certificate, a device certificate, and an application certificate;
  • the authentication private key corresponding to the authentication certificate is used to generate, by signing, the signature data of the device certificate;
  • the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate;
  • the device private key corresponding to the device certificate is used to generate, by signing, the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate;
  • a verification result indicating that the verification passed is fed back.
  • a computer device includes a memory and a processor.
  • the memory stores a computer program.
  • when executed by the processor, the computer program causes the processor to perform the following steps:
  • the certificate chain includes an authentication certificate, a device certificate, and an application certificate;
  • the authentication private key corresponding to the authentication certificate is used to generate, by signing, the signature data of the device certificate;
  • the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate;
  • the device private key corresponding to the device certificate is used to generate, by signing, the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate;
  • a verification result indicating that the verification passed is fed back.
  • the certificate chain corresponding to the application certificate verification request is obtained directly;
  • since the authentication private key corresponding to the authentication certificate in the certificate chain is used to generate, by signing, the signature data of the device certificate, the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate, the device private key corresponding to the device certificate is used to generate, by signing, the signature data of the application certificate, and the device public key in the device certificate is used to decrypt the signature data in the application certificate, the device certificate and the application certificate are issued level by level on the basis of the authentication certificate.
  • the device certificate and the application certificate can therefore be verified according to the authentication certificate in the certificate chain, and when both are verified, a verification result indicating that the verification passed is fed back, which ensures the validity and efficiency of certificate verification.
  • FIG. 1 is an application environment diagram of a key management method in an embodiment
  • FIG. 2 is a schematic flowchart of a key management method according to an embodiment
  • FIG. 3 is a sequence diagram of issuing a device certificate in an embodiment
  • FIG. 5 is a sequence diagram of verifying an application certificate in an embodiment
  • FIG. 6 is a schematic diagram of the principle of key management in an embodiment
  • FIG. 7 is a schematic flowchart of a certificate verification method according to an embodiment
  • FIG. 8 is a module structure diagram of a key management apparatus in an embodiment
  • FIG. 9 is a module structure diagram of a key management apparatus in another embodiment.
  • FIG. 10 is a module structure diagram of a certificate verification device in an embodiment
  • FIG. 11 is a module structure diagram of a certificate verification device in another embodiment
  • FIG. 12 is an internal structural diagram of a computer device in an embodiment
  • FIG. 13 is an internal structural diagram of a computer device in another embodiment.
  • FIG. 1 is an application environment diagram of a key management method in an embodiment.
  • the key management method is applied to a key management system.
  • the key management system includes a terminal 110 and a server 120.
  • the server 120 includes at least a certificate authentication server 121, and may further include an application server 122 and / or a key management server 123.
  • the terminal 110 and the server 120 are connected through a network.
  • the terminal 110 is configured to execute the key management method.
  • the terminal 110 may be a desktop terminal or a mobile terminal, and the mobile terminal may be at least one of a terminal such as a mobile phone, a tablet computer, or a notebook computer.
  • the certificate authentication server 121 may be a CA (Certificate Authority, a digital certificate authority) server or another type of server.
  • the application server 122 may be a server corresponding to an application running on the terminal 110, such as an instant communication server corresponding to an instant communication application.
  • the key management server 123 may be a TAM (Trusted ATTK Management
  • the terminal 110 may generate a device key including a device public key and a device private key in a local security area, and then send the local device parameters and the device public key to the certificate authentication server 121.
  • the certificate authentication server 121 can generate the signature data by signing the device parameters and the device public key using the authentication private key of the certificate authentication server, and obtain the device certificate of the terminal 110.
  • Terminal 110 stores the device private key and the device certificate in the secure area.
  • the terminal 110 may also generate an application key for the application in a local security area when the application key generation instruction triggered by the application running locally is obtained; the application key includes an application public key and an application private key.
  • the application parameters and the application public key of the application are signed with the device private key to generate the application certificate of the application; the application private key and the application certificate are stored in the security zone, and the certificate chain of the application is stored: the authentication certificate, the device certificate and the application certificate.
  • the corresponding application server 122 performs certificate verification by the application server 122, or after the application server 122 forwards the certificate chain to the certificate authentication server 121, the certificate authentication server 121 performs certificate verification. Alternatively, after the certificate chain is forwarded to the key management server 123, the certificate authentication server 121 or the key management server 123 performs certificate verification.
  • the certificate verification method can also be applied to the application environment shown in FIG. 1.
  • the server 120 is configured to execute the certificate verification method.
  • the server 120 receives the application certificate verification request sent by the terminal 110, and obtains a certificate chain corresponding to the application certificate verification request. The certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign the signature data of the device certificate; the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
  • the server 120 can therefore verify the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain when an authentication certificate consistent with the authentication certificate in the certificate chain exists on the server 120; when the device certificate and the application certificate both pass verification, the verification result indicating that the verification passed is fed back to the terminal 110.
  • FIG. 2 is a schematic flowchart of a key management method according to an embodiment. This embodiment is described by using the key management method applied to the terminal 110 in FIG. 1 as an example. Referring to FIG. 2, the method includes the following steps:
  • S202 Generate a device key including a device public key and a device private key in a local security zone.
  • the security zone is a trusted execution environment independent of the operating system in the terminal.
  • the security zone may be a TEE (Trusted Execution Environment). It can be understood that the security zone ensures that the data stored or processed inside it is independent of the environment outside the security zone, and that it is a trusted environment. For example, if the asymmetric key is generated in a secure area, no one other than the key owner (terminal manufacturer or application server) can obtain the private key in the asymmetric key.
  • the security area may also be other trusted areas within the terminal that can ensure data security, which is not limited in the embodiments of the present application.
  • the device key is used to verify the legitimacy of the terminal and ensure the security of data transmission.
  • the device key can also be called the terminal root key.
  • the device key of the terminal is an asymmetric key, including a device public key and a device private key. Data encrypted by the device's public key can be decrypted by the device's private key; data encrypted by the device's private key can be decrypted by the device's public key.
  • the device key may be an asymmetric key based on RSA-2048. Of course, the device key may also be another asymmetric key, which is not limited in this embodiment of the present application.
  • the transmitting party needs to encrypt the transmitted data with a key, so that only a receiver holding the corresponding key can decrypt the encrypted data and obtain the data transmitted by the transmitting party.
  • the data transmitting party encrypts the transmitted data with the device public key of the terminal. Since the device private key of the terminal is normally held only by the terminal, only the terminal can decrypt the encrypted data with the device private key and obtain the data transmitted by the data transmitting party. Even if other devices obtain the encrypted data, they cannot decrypt it because they do not hold the device private key of the terminal, and so cannot obtain the data transmitted by the data transmitting party.
  • the device key may be ATTK (Attestation Key, terminal verification key), which is used to verify the legitimacy of the terminal.
  • One terminal has one and only one ATTK.
  • the device key may also be another key, which is not limited in the embodiment of the present application.
  • the security area of the terminal includes a key generation code, and by running the key generation code, a device key including a device public key and a device private key is generated in the security area.
  • a security zone is configured for the terminal.
  • the terminal is allowed to be shipped from the factory only after the security zone configured for the terminal passes the acceptance.
  • the key generation code may be written into the security area, and the key generation code may be used to generate, in the security area, the device key including the device public key and the device private key.
  • a security application may run in a secure area of the terminal.
  • the logical behavior and storage behavior of the security application are both security behaviors.
  • the terminal may generate a device key including a device public key and a device private key by running a security application in a secure area.
  • the security application may be a TA (Trusted Application) application.
  • the device parameters are data reflecting the identity of the terminal.
  • the device parameter may be a terminal identifier, which is used to uniquely identify a terminal, such as a terminal serial number.
  • the certificate authentication server is an authoritative server for authenticating digital certificates.
  • the digital certificate is used to prove that the user (device or application, etc.) listed in the certificate legally owns the public key (device public key or application public key, etc.) listed in the certificate.
  • the certificate authentication server can be a CA server, that is, a server of a digital certificate authority.
  • the terminal may read the local device parameters, that is, the device parameters of the terminal, and generate a device certificate signing request; it then sends the read device parameters, the generated device public key, and the device certificate signing request to the corresponding certificate authentication server.
  • S206 Receive the device certificate fed back by the certificate authentication server; the signature data of the device certificate is generated by signing the device parameters and the device public key with the authentication private key of the certificate authentication server.
  • the device certificate is a file issued by the certificate authentication server and includes the device public key owner information and the device public key.
  • the device public key owner information is the device parameter.
  • the device certificate can include the device public key owner information and the device public key in plain text, that is, the original data without signature processing; it can also include the ciphertext of the device public key owner information and the device public key, that is, the data obtained by signing the device public key owner information and the device public key.
  • Signature data is data obtained by signing a piece of data with the signer's private key. That is, the certificate authentication server receives the device parameters and the device public key of the terminal, signs the device parameters and the device public key by using the authentication private key of the certificate authentication server to generate signature data, forms a device certificate, and feeds it back to the terminal.
  • the device certificate includes a device parameter, a device public key, and a ciphertext generated by signing the device parameter and the device public key with the authentication private key.
  • the signature data of the device certificate may be only the cipher text; it may also be a combination of the device parameters, the device private key, and the cipher text.
  • the device certificate complies with the X.509 certificate standard.
  • the authentication certificates and application certificates involved in this application follow the X.509 certificate standard.
  • the authentication certificate, equipment certificate, and application certificate can also meet other certificate standards, which are not limited in the embodiments of the present application.
  • the certificate authentication server computes the digest information of the device parameters and the device public key according to the signature algorithm agreed with the terminal, and then encrypts the computed digest information with its own authentication private key to obtain the signature data.
  • extracting the digest information and encrypting and signing only the digest not only ensures the immutability of the data, but also avoids the time cost of encrypting and decrypting a large amount of data.
  • the device parameters and the device public key can also be signed in other ways, which is not limited in the embodiments of the present application.
  • CA server certificate authentication server
  • the terminal may store the device private key and the device certificate in a secure storage area in a secure area of the terminal before the terminal leaves the factory.
  • The secure storage area is, for example, an RPMB (Replay Protected Memory Block).
  • a device has one and only one device key. Then the device key and the device certificate can be stored correspondingly or separately.
  • the device private key and the device certificate can be stored at the same time; they can also be stored separately, that is, the device private key is stored after the device private key is generated, and the device certificate is stored after the device certificate is received.
  • the above steps S202 to S208 are completed on a secure and trusted environment inside the equipment production line.
  • the device certificate is issued through a certificate authentication server.
  • the certificate authentication server ensures the security and reliability of the device certificate. Since a large number of devices can share a single authentication certificate, the management and maintenance cost of the device key is reduced.
  • the terminal may also obtain an authentication certificate including an authentication public key corresponding to the authentication private key; use the authentication certificate and the device certificate as the certificate chain of the terminal; and store the certificate chain in a secure area. That is, for each certificate of the terminal, the terminal stores the certificate chain of the certificate in a secure area.
  • In the above key management method, the generation of the device key and the storage of the device private key of the device key and the device certificate are all performed in a local security zone, ensuring the security of the device key and the device certificate;
  • the signature data in the device certificate is generated by signing the local device parameters and the device public key with the authentication private key of the certificate authentication server, which enhances the validity and credibility of the device certificate; moreover, the device certificate is stored directly on the local device, which avoids the complicated operation and inconvenience in managing and using the key caused by storing the device public key on another device, making key management convenient and efficient.
  • FIG. 3 shows a sequence diagram of issuing a device certificate in one embodiment.
  • the terminal before the terminal is shipped, the terminal generates a device key (ATTK) including a device public key and a device private key through a security application (TA) running in a security area (TEE).
  • the TEE is independent of the terminal's operating system.
  • the terminal stores the generated device private key in a TEE secure storage area, and sends a device certificate signing request to a certificate authentication server (CA server), and the device certificate signing request carries the device parameters of the terminal and the generated device public key.
  • After receiving the device certificate signing request, the CA server signs the device parameters and the device public key of the terminal with its own authentication private key (the private key of the CA root certificate) to generate a device certificate, and then feeds back the generated device certificate to the terminal.
  • the terminal then stores the device certificate in the secure storage area of the TEE.
  • the key management method further includes: generating an application key of the application in a secure area when an application key generation instruction triggered by an application running locally is obtained, where the application key includes an application public key and an application private key; in the secure area, signing the application's application parameters and application public key with the device private key to generate the application's application certificate; and storing the application private key and the application certificate correspondingly in the secure area.
  • the application key generation instruction is a computer program for instructing generation of an application key.
  • Application keys are data used to verify the legitimacy of applications and ensure the security of data transmission.
  • the application key is an asymmetric key and includes an application public key and an application private key. Data encrypted by the application public key can be decrypted by the application private key; data encrypted by the application private key can be decrypted by the application public key.
  • the application key may be an asymmetric key based on RSA-2048. Of course, the application key may also be another asymmetric key, which is not limited in this embodiment of the present application.
  • the application key may be an ASK (App Secure Key), which is used to verify the legitimacy of the application.
  • An application has one and only one ASK.
  • the application key may also be another key, which is not limited in the embodiment of the present application.
  • one or more applications can run on the terminal, and each application has its own application public key and application private key.
  • The peer end encrypts the transmitted data with the application public key of the application. Since the application private key of the application is normally held only by the application itself, only the application can decrypt the encrypted data with the application private key to obtain the data transmitted by the peer. Even if other applications obtain the encrypted data, they do not hold the application's application private key, so they cannot decrypt the encrypted data and cannot obtain the data transmitted by the peer.
  • When the terminal installs the application or runs the application for the first time, the terminal may obtain an application key generation instruction triggered by the application or an application key generation instruction triggered by the application installation code.
  • The terminal generates the application key of the application in the local security area, and signs the application parameters and the application public key of the application with the device private key in the security area to generate the application's application certificate; it then stores the application private key and application certificate in the secure area.
  • Signing the application's application parameters and application public key with the device private key to generate the application's application certificate includes: obtaining the digest information of the application's application parameters and application public key; encrypting the digest information with the device private key to obtain signature data; and generating an application certificate for the application based on the encrypted signature data.
  • The digest information is a unique fixed-length value corresponding to the data to which the digest information belongs. It is generated by an irreversible string transformation algorithm that operates on the data to which the digest information belongs.
  • The terminal may use an irreversible string transformation algorithm to treat the application parameters and the application public key of the application as one piece of text information and generate the digest information of that text information.
  • the irreversible string transformation algorithm may be a hash algorithm or other algorithms, which is not limited in this embodiment of the present application.
  • Other methods can also be used to generate the digest information of the application parameters and the application public key, which is not limited in this embodiment of the present application.
  • the terminal obtains signature data by encrypting the digest information with the private key of the device, and generates an application certificate of the application.
  • The application certificate can include the application public key owner information and the application public key in plain text, that is, the original data without signature processing; it can also include the application public key owner information and the application public key as ciphertext, that is, the data obtained by signing the application public key owner information and the application public key.
  • application public key owner information is application parameters.
  • The digest information is encrypted instead of the complete transmitted data, which avoids the time consumed by the encryption and decryption process when the amount of data is large; this not only ensures data security and improves data processing efficiency, but also facilitates subsequent data processing.
  • the key management method further includes: obtaining an authentication certificate including an authentication public key corresponding to the authentication private key; using the authentication certificate, the device certificate, and the application certificate as the certificate chain of the application; and storing the certificate chain in a secure area.
  • the authentication certificate is a digital certificate held by a certificate authentication server. Because the certificate authentication server is an authoritative organization responsible for issuing and managing digital certificates, and as a trusted third party in e-commerce transactions, it bears the responsibility of checking the validity of public keys in the public key system. Then, the certificate is generally considered to be authoritative and trustworthy.
  • the certificate authentication server may be a CA server, and the authentication certificate may be a CA root certificate.
  • a certificate authentication server holds a CA root certificate, and the certificate authentication server performs a signature operation on the data to be signed according to the private key of the CA root certificate it holds.
  • the certificate authentication server may also hold multiple CA root certificates, which is not limited in this embodiment of the present application.
  • the certificate authentication server may issue the authentication certificate held by the certificate authentication server to the terminal.
  • The terminal can form the certificate chain of the application from the application certificate, the device certificate carrying the device public key that corresponds to the device private key that issued the application certificate, and the authentication certificate carrying the authentication public key that corresponds to the authentication private key that issued the device certificate, and store the certificate chain in a secure area of the terminal.
  • the application certificate is issued based on the certificate authentication server, that is, the certificate chain of the application certificate is established based on the certificate authentication server.
  • the trust chain enhances the credibility of each certificate in the certificate chain.
  • A certificate chain is established for each certificate, so that when the validity of the certificate is subsequently verified, the certificate chain of the certificate is carried in the verification request and the validity of the certificate can be verified step by step; this avoids having to transmit the device public key to a server that specifically manages keys before requesting that server to verify the validity of the certificate.
  • The generation of the application key and the storage of the application private key of the application key and the application certificate are all performed in a local security zone, ensuring the security of the application key and the application certificate.
  • The signature data in the application certificate is generated by signing with the device private key, and the device certificate carrying the device public key that corresponds to the device private key is issued by the certificate authentication server, which enhances the validity and credibility of the application certificate.
  • FIG. 4 shows a sequence diagram of issuing an application certificate in one embodiment.
  • an application can be run on a terminal. After the application is installed or run, an application key generation instruction can be triggered.
  • the terminal generates an application key (ASK) including an application public key and an application private key through a TA running on the TEE.
  • The terminal obtains the device private key from the secure storage area through the TA, and uses the obtained device private key to sign the application's application parameters and application public key to generate an application certificate; it then stores the application private key and application certificate correspondingly in the TEE secure storage area.
  • the terminal can also use the authentication certificate, device certificate, and application certificate as the certificate chain of the application; the certificate chain is stored in the secure area of the TEE.
  • the key management method further includes: generating an application certificate verification request corresponding to the application when receiving the biometric authentication authorization request triggered by the application; sending the certificate chain of the application, together with the application certificate verification request, to the application server corresponding to the application; receiving the verification result fed back by the application server after it verifies the received certificate chain according to the authentication certificate stored on the application server; and, when the verification result indicates that the verification is passed, granting the application the right to perform biometric authentication.
  • the biometric authentication authorization request is used to request the authority to perform biometric authentication.
  • Biometric authentication is a technology in which computer equipment uses the biological characteristics inherent in natural persons to perform identity authentication. Examples include fingerprint authentication, facial recognition authentication and iris recognition authentication.
  • the application certificate verification request is used to request the validity verification of the application certificate.
  • An application that requests the terminal to grant the authority to perform biometric authentication is requesting the biometric data inherent to the user that is stored in the terminal, such as fingerprint data or face data. Because this data is the user's unique biological private data, the authority needs to be granted only when the application has legal request permissions, in order to protect the user's biological privacy. In other words, the application can be granted the right to perform biometric authentication only after the application certificate of the application passes verification.
  • The application server receives the certificate chain of the application and the application certificate verification request; when the application server stores an authentication certificate, it verifies the received certificate chain according to the authentication certificate and feeds back the verification result to the terminal.
  • a biometric authentication authorization request is triggered through the instant messaging application.
  • The instant messaging application needs to send its certificate chain to the instant messaging server corresponding to the instant messaging application, and the instant messaging server verifies the validity of the certificates in the certificate chain, or forwards the chain to another server that verifies the validity of the certificates in the certificate chain. Only after the legitimacy verification is passed can the terminal grant the fingerprint communication payment permission to the instant messaging application.
  • When the terminal receives the biometric authentication authorization request triggered by the application, the terminal generates an application certificate verification request corresponding to the application, and sends the certificate chain of the application and the application certificate verification request to the application server corresponding to the application.
  • When the application server receives an application certificate verification request, it obtains the certificate chain carried by the application certificate verification request, and locally queries whether an authentication certificate consistent with the authentication certificate in the certificate chain is stored. When the application server stores an authentication certificate consistent with the authentication certificate in the certificate chain, it is determined that the authentication certificate in the certificate chain is legal.
  • The application server then decrypts the signature data on the device certificate with the authentication public key on the authentication certificate to obtain the first digest information, extracts the second digest information of the device parameters and the device public key on the device certificate according to the digest extraction method agreed with the terminal, and compares the first digest information with the second digest information. When the two are inconsistent, the device certificate is determined to be illegal, and a verification result indicating verification failure is fed back to the terminal.
  • The application server continues by decrypting the signature data on the application certificate with the device public key on the device certificate to obtain the third digest information, extracting the fourth digest information of the application parameters and the application public key on the application certificate according to the digest extraction method agreed with the terminal, and comparing the third digest information with the fourth digest information. When the two are inconsistent, the device certificate is determined to be illegal, and a verification result indicating verification failure is fed back to the terminal. When the third digest information and the fourth digest information are consistent, it is determined that the application certificate is valid, and a verification result indicating that the verification is passed is fed back to the terminal. In this way, the terminal grants the application the right to perform biometric authentication only when the received verification result indicates that the verification is passed.
  • the authentication certificate stored on the application server may be an authentication certificate held by each certificate authentication server obtained from each certificate authentication server through a secure channel in advance.
  • the secure channel is a data transmission channel that can ensure the security of data transmission, is a trusted channel, and may be a data transmission channel established based on the HTTPS protocol.
  • The application server may also obtain a list of revoked authentication certificates in advance. In this way, when the application server verifies a certificate chain, it first checks whether the authentication certificate in the certificate chain exists in the list of revoked authentication certificates. If the authentication certificate in the certificate chain exists in the list of revoked authentication certificates, it means that the authentication certificate has expired and it is not necessary to perform subsequent certificate verification. If the authentication certificate in the certificate chain does not exist in the list of revoked authentication certificates, the subsequent certificate verification is continued. The list of revoked certificates is used to publish certificates that are no longer valid.
  • the key management method further includes: receiving a verification result that the application server, when it does not store the authentication certificate, obtains from the certificate authentication server through a secure channel and feeds back; the verification result is obtained by the certificate authentication server, after it receives through the secure channel the certificate chain uploaded by the application server, verifying the certificate chain according to the authentication certificate stored on the certificate authentication server.
  • The certificate chain is transmitted to the certificate authentication server or key management server through a secure channel; the certificate authentication server or key management server verifies the legitimacy of each certificate in the certificate chain and feeds the verification result back to the application server, and the application server then feeds it back to the terminal.
  • the process of the certificate authentication server or the key management server verifying the validity of each certificate in the certificate chain is similar to the process of the application server verifying the validity of each certificate in the certificate chain, and is not repeated here.
  • When the validity of the certificate is verified by the certificate authentication server, the credibility of the verification result is enhanced. Moreover, the verification is performed according to the certificate chain, and the device public key is included in the certificate chain, so it no longer needs to be uploaded in advance.
  • Usually, the application server checks the validity of the certificate itself only in a scenario with a low security level. In a scenario with a high security level, even if the application server stores an authentication certificate that is consistent with the authentication certificate in the certificate chain, the application server should still transmit the certificate chain to the certificate authentication server or key management server through a secure channel, and the certificate authentication server or key management server should verify the validity of each certificate in the certificate chain. Scenarios with lower security levels include scenarios involving account opening, and scenarios with higher security levels include scenarios involving resource transfer (payment).
  • When the terminal receives the biometric authentication authorization request triggered by the application, the terminal determines the security level corresponding to the event requesting the biometric authentication authorization, and carries the security level in the generated application certificate verification request.
  • the application server determines whether the certificate validity verification is performed locally or by the certificate authentication server or the key management server according to the security level carried in the application certificate verification request.
  • The application server is configured in advance with the security levels it can process.
  • When the security level carried in the application certificate verification request is a security level that the application server can process, the application server determines that the certificate validity verification is performed locally; otherwise it determines that the certificate authentication server or the key management server performs the certificate validity verification.
  • After determining that the certificate authentication server or key management server performs the certificate validity verification, the application server may forward the application certificate verification request to the certificate authentication server corresponding to the authentication certificate in the certificate chain; it may also forward the request to another certificate authentication server, in which case the certificate authentication server that receives the forwarded request should have obtained the authentic version of the authentication certificate in the certificate chain through the secure channel in advance.
  • When the certificate validity check is performed by the application server, on the one hand the credibility of the verification result can be guaranteed to a certain extent, and on the other hand the risks and time cost of passing the data multiple times can be avoided.
  • FIG. 5 shows a timing diagram of verifying an application certificate in one embodiment.
  • an application can be run on the terminal, and after the application is run, a biometric authorization request can be triggered.
  • When the terminal detects the biometric authentication authorization request, the terminal obtains the certificate chain of the application from the secure storage area through the TA running on the TEE, generates an application certificate verification request, and sends the obtained certificate chain and the application certificate verification request to the application server corresponding to the application.
  • After receiving the application certificate verification request, the application server locally queries whether an authentication certificate consistent with the authentication certificate in the certificate chain is stored.
  • CA certificate authentication server
  • TAM key management server
  • FIG. 6 shows a principle architecture diagram of key management in one embodiment.
  • The terminal may store an authentication certificate (CAROOT), a device certificate (ATTK) issued by the authentication certificate, an application certificate (ASK) issued by the device certificate, and a service certificate (AK, Authentication Key) issued by the application certificate.
  • The authentication certificate (CAROOT) is the source of the certificate chain; the certificate authentication server (CA) or the key management server (TAM) stores the authentication certificate (CAROOT).
  • the application private key corresponding to the application certificate is used to sign the signature data of the service certificate, and the application public key of the application certificate is used to decrypt the signature data of the service certificate.
  • the service key may be AK (Authentication Key), which is used to verify the legitimacy of the service.
  • FIG. 7 is a schematic flowchart of a certificate verification method according to an embodiment. This embodiment mainly uses the certificate verification method applied to the server 120 in FIG. 1 as an example for illustration. Referring to FIG. 7, the certificate verification method includes the following steps:
  • the server is an application server.
  • When the terminal receives the biometric authentication authorization request triggered by the application, the terminal generates an application certificate verification request corresponding to the application, and sends the certificate chain of the application and the application certificate verification request to the application server corresponding to the application. In this way, the application server receives the application certificate verification request.
  • the server is a certificate authentication server or a key management server.
  • The application server forwards the application certificate verification request to the certificate authentication server or key management server through a secure channel; in this way, the certificate authentication server or key management server receives the application certificate verification request.
  • the certificate chain includes an authentication certificate, a device certificate, and an application certificate.
  • The authentication private key corresponding to the authentication certificate is used to sign the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
  • the next-level certificate is issued in the terminal's security zone one by one to ensure that the chain of trust is based on the authentication certificate.
  • the certificate chain of each certificate includes not only the certificate itself, but also the certificates issued from the source to obtain the certificate.
  • the certificate chain of a device certificate includes an authentication certificate and a device certificate
  • the certificate chain of an application certificate includes an authentication certificate, a device certificate, and an application certificate
  • the certificate chain of a service certificate includes an authentication certificate, a device certificate, an application certificate, and a service certificate.
  • S706: When an authentication certificate identical to the authentication certificate in the certificate chain exists locally, verify the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain.
  • When an authentication certificate identical to the authentication certificate in the certificate chain is stored on the server, it is determined that the authentication certificate in the certificate chain is legal.
  • The server then decrypts the signature data on the device certificate with the authentication public key on the authentication certificate to obtain the first digest information, extracts the second digest information of the device parameters and the device public key on the device certificate according to the digest extraction method agreed with the terminal, and compares the first digest information with the second digest information. When the two are inconsistent, the device certificate is determined to be illegal, and a verification result indicating verification failure is fed back to the terminal.
  • The server continues by decrypting the signature data on the application certificate with the device public key on the device certificate to obtain the third digest information, extracting the fourth digest information of the application parameters and the application public key on the application certificate according to the digest extraction method agreed with the terminal, and comparing the third digest information with the fourth digest information. When the two are inconsistent, the device certificate is determined to be illegal, and a verification result indicating verification failure is fed back to the terminal. When the third digest information and the fourth digest information are consistent, it is determined that the application certificate is valid, and a verification result indicating that the verification is passed is fed back to the terminal.
  • the application server obtains the authentication certificate of each certificate authentication server from the certificate authentication server through a secure channel in advance.
  • the application can be granted the right to perform biometric authentication only when each certificate in the certificate chain is verified. As long as the validity of a certificate in the certificate chain is not verified, the application cannot be granted the right to perform biometric authentication.
  • the certificate chain corresponding to the application certificate verification request is directly obtained; since the authentication private key corresponding to the authentication certificate in the certificate chain is used to sign the signature data of the device certificate, the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign the signature data of the application certificate, and the device public key in the device certificate is used to decrypt the signature data in the application certificate. That is, the device certificate and the application certificate are issued step by step based on the authentication certificate.
  • the device certificate and the application certificate are verified according to the authentication certificate, and when both the device certificate and the application certificate pass verification, a verification result indicating that the verification passed is fed back, which ensures the validity and efficiency of the certificate verification.
  • S706 includes: querying the list of revoked authentication certificates for the authentication certificate in the certificate chain; when the authentication certificate in the certificate chain does not exist in the list of revoked authentication certificates, querying locally for an authentication certificate consistent with the authentication certificate in the certificate chain; when an authentication certificate consistent with the authentication certificate in the certificate chain is found, verifying the device certificate according to the authentication public key of the authentication certificate in the certificate chain; when the device certificate passes verification, verifying the application certificate according to the device public key of the device certificate.
  • the certificate verification method further includes: receiving the device parameters and the device public key; obtaining the digest information of the device parameters and the device public key; encrypting the digest information with the authentication private key to obtain signature data; and generating a device certificate based on the encrypted signature data and feeding it back.
  • Both the key management method and the certificate verification method in the embodiments of the present application can be applied to a biometric authentication standard.
  • An example of a biometric authentication standard is the SOTER standard developed by Tencent.
  • After the method in the embodiment of the present application is applied to the SOTER standard, the terminal does not need to upload each device's ATTK to TAM one by one on the production line in advance and can still be supported by the SOTER standard, which further facilitates access to SOTER by OEM vendors.
  • a key management apparatus 800 is provided.
  • the key management apparatus 800 includes: a generating module 801, a sending module 802, a receiving module 803, and a storage module 804.
  • a generating module 801 is configured to generate a device key including a device public key and a device private key in a local security zone.
  • the sending module 802 is configured to send a local device parameter and a device public key to a certificate authentication server.
  • the receiving module 803 is configured to receive the device certificate fed back by the certificate authentication server; the signature data of the device certificate is generated by signing the device parameters and the device public key with the authentication private key of the certificate authentication server.
  • the storage module 804 is configured to store the device private key and the device certificate in a secure area.
  • the generating module 801 is further configured to generate an application key of the application in the secure area when an application key generation instruction triggered by the application running locally is obtained, the application key including the application public key and the application private key; and, in the secure area, to sign the application parameters and the application public key of the application with the device private key to generate the application certificate of the application.
  • the storage module 804 is further configured to correspondingly store the application private key and the application certificate in a secure area.
  • the generating module 801 is further configured to obtain the application parameters of the application and the digest information of the application public key; obtain the signature data by encrypting the digest information with the device private key; and generate the application certificate of the application according to the encrypted signature data.
  • the storage module 804 is further configured to obtain an authentication certificate including an authentication public key corresponding to the authentication private key; use the authentication certificate, device certificate, and application certificate as an application certificate chain; and store the certificate chain in a secure area.
  • the key management device 800 further includes: an authorization module 805 configured to generate an application certificate verification request corresponding to the application when a biometric authentication authorization request triggered by the application is received; send the application certificate chain and the application certificate verification request to the application server corresponding to the application; receive the verification result fed back by the application server after it verifies the received certificate chain according to the authentication certificate stored on the application server; and, when the verification result indicates that the verification is passed, grant the application the right to perform biometric authentication.
  • the authorization module 805 is further configured to receive, when the application server does not store the authentication certificate, the verification result that the application server obtains from the certificate authentication server through the secure channel and feeds back; the verification result is obtained by the certificate authentication server, after it receives through the secure channel the certificate chain uploaded by the application server, by verifying the certificate chain according to the authentication certificate stored on the certificate authentication server.
  • a certificate verification apparatus 1000 is provided.
  • the certificate verification apparatus 1000 includes a receiving module 1001, an obtaining module 1002, a verification module 1003, and a feedback module 1004.
  • the receiving module 1001 is configured to receive an application certificate verification request.
  • the obtaining module 1002 is configured to obtain a certificate chain corresponding to an application certificate verification request.
  • the certificate chain includes an authentication certificate, a device certificate, and an application certificate.
  • the authentication private key corresponding to the authentication certificate is used to sign the signature data of the device certificate.
  • the authentication public key is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
  • the verification module 1003 is configured to verify the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain when an authentication certificate identical to the authentication certificate in the certificate chain exists locally.
  • the feedback module 1004 is configured to feed back a verification result indicating that the verification passes when the device certificate and the application certificate both pass the verification.
  • the verification module 1003 is further configured to query the list of revoked certificates for the certificate in the certificate chain; when the certificate in the certificate chain does not exist in the list of revoked certificates, query locally for an authentication certificate consistent with the authentication certificate in the certificate chain; when an authentication certificate consistent with the authentication certificate in the certificate chain is found, verify the device certificate according to the authentication public key of the authentication certificate in the certificate chain; when the device certificate passes verification, verify the application certificate according to the device public key of the device certificate.
  • the certificate verification device 1000 further includes: a signing module 1005 for receiving device parameters and a device public key; obtaining summary information of the device parameters and the device public key; encrypting the summary information with the authentication private key to obtain signature data; and generating a device certificate based on the encrypted signature data and feeding it back.
  • FIG. 12 shows an internal structure diagram of a computer device in one embodiment.
  • the computer device may be the terminal 110 in FIG. 1.
  • the computer device includes a processor, a memory, a network interface, an input device, and a display screen connected through a system bus.
  • the memory includes a non-volatile storage medium and an internal memory.
  • the non-volatile storage medium of the computer device stores an operating system and a computer program.
  • the processor can implement the key management method.
  • a computer program may also be stored in the internal memory, and when the computer program is executed by the processor, the processor may execute the key management method.
  • the display screen of a computer device may be a liquid crystal display or an electronic ink display, etc.
  • the input device may be a touch layer covering the display screen, or a button, a trackball or a touchpad provided on the housing of the computer device, or it may be an external keyboard, trackpad, or mouse.
  • FIG. 12 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer equipment to which the solution of the present application is applied.
  • the specific computer equipment may include more or fewer parts than shown in the figure, or combine certain parts, or have a different arrangement of parts.
  • FIG. 13 shows an internal structure diagram of a computer device in one embodiment.
  • the computer device may be the server 120 in FIG. 1.
  • the computer device includes a processor, a memory, and a network interface connected through a system bus.
  • the memory includes a non-volatile storage medium and an internal memory.
  • the non-volatile storage medium of the computer device stores an operating system and a computer program.
  • the processor can implement a certificate verification method.
  • a computer program may also be stored in the internal memory, and when the computer program is executed by the processor, the processor may be caused to perform a certificate verification method.
  • FIG. 13 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer equipment to which the solution of the present application is applied.
  • the specific computer equipment may include more or fewer parts than shown in the figure, or combine certain parts, or have a different arrangement of parts.
  • both the key management device and the certificate verification device provided in this application may be implemented in the form of a computer program.
  • the computer program may be run on a computer device as shown in FIG. 12 or 13.
  • the volatile storage medium may store various program modules constituting the key management device or the certificate verification device, such as the generating module 801, the sending module 802, the receiving module 803, and the storage module 804 shown in FIG.
  • the computer program composed of each program module causes the processor to execute the steps in the key management method or the certificate verification method of each embodiment of the application described in this specification.
  • the computer device shown in FIG. 12 may generate a device key including a device public key and a device private key in a local security area by using the generating module 801 in the key management apparatus 800 shown in FIG. 8.
  • the local device parameters and the device public key are sent to the certificate authentication server through the sending module 802.
  • the receiving module 803 receives the device certificate fed back by the certificate authentication server; the signature data of the device certificate is generated by signing the device parameters and the device public key with the authentication private key of the certificate authentication server.
  • the device private key and the device certificate are stored in the secure area through the storage module 804.
  • the computer device shown in FIG. 13 may receive the application certificate verification request through the receiving module 1001 in the certificate verification apparatus 1000 shown in FIG. 10.
  • the certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign the signature data of the device certificate, and the authentication public key is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
  • through the authentication module 1003, when an authentication certificate consistent with the authentication certificate in the certificate chain exists locally, the device certificate and the application certificate are verified according to the authentication public key of the authentication certificate in the certificate chain. Through the feedback module 1004, when both the device certificate and the application certificate pass verification, a verification result indicating that the verification has passed is fed back.
  • a key management system including a terminal and a certificate authentication server.
  • the terminal is used to generate a device key including a device public key and a device private key in a local security area; and send the local device parameters and the device public key to a certificate authentication server.
  • the certificate authentication server is used to feed back the device certificate to the terminal; the signature data of the fed-back device certificate is generated by the certificate authentication server signing the device parameters and the device public key with the authentication private key of the certificate authentication server.
  • the terminal is also used to store the device private key and device certificate in a secure area.
  • the key management system further includes an application server.
  • the terminal is also used to generate the certificate chain of the application running locally; when receiving the biometric authentication authorization request triggered by the application, generate an application certificate verification request corresponding to the application; and send the application certificate chain together with the application certificate verification request to the application server corresponding to the application.
  • the application server is used to, when the authentication certificate in the certificate chain is stored, verify the received certificate chain according to the stored authentication certificate and then feed back the verification result to the terminal; and, when the authentication certificate in the certificate chain is not stored, pass the certificate chain to the certificate authentication server through the secure channel, and feed back to the terminal the verification result that the certificate authentication server obtains by verifying the certificate chain.
  • the certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign the signature data of the device certificate; the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
  • the key management system further includes a key management server.
  • the application server is also used to pass the certificate chain to the key management server through a secure channel when the authentication certificate in the certificate chain is not stored, and to feed back to the terminal the verification result that the key management server obtains by verifying the certificate chain.
  • the terminal is further configured to generate an application key of the application in a secure area when the application key generation instruction triggered by the application running locally is obtained, the application key including an application public key and an application private key; the application's application parameters and application public key are signed with the device private key to generate the application's application certificate; the application private key and the application certificate are correspondingly stored in the secure area.
  • the terminal is further configured to obtain the application parameter of the application and the digest information of the application public key; obtain the signature data by encrypting the digest information with the device private key; and generate the application certificate of the application according to the encrypted signature data.
  • the terminal is further configured to obtain an authentication certificate including an authentication public key corresponding to the authentication private key; use the authentication certificate, device certificate, and application certificate as an application certificate chain; and store the certificate chain in a secure area.
  • the application server, key management server, or certificate authentication server is further configured to query the list of revoked certificates for the certificate in the certificate chain; when the certificate in the certificate chain does not exist in the list of revoked certificates, query locally for an authentication certificate consistent with the authentication certificate in the certificate chain; when an authentication certificate consistent with the authentication certificate in the certificate chain is found, verify the device certificate according to the authentication public key of the authentication certificate in the certificate chain; when the device certificate passes verification, verify the application certificate based on the device public key of the device certificate.
  • the certificate authentication server is further configured to receive the device parameters and the device public key; obtain the digest information of the device parameters and the device public key; encrypt the digest information with the authentication private key to obtain signature data; and generate the device certificate based on the encrypted signature data and feed it back.
  • a computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the processor is caused to perform the steps described in the foregoing method embodiment.
  • a computer device which includes a memory and a processor.
  • the memory stores a computer program.
  • the processor is caused to perform the steps described in the foregoing method embodiment.
  • Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM) or external cache memory.
  • RAM is available in various forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).

Abstract

The present invention relates to a method, apparatus and system for key management, a storage medium, and a computer device. The method for key management comprises: generating, in a local secure area, device keys including a device public key and a device private key; transmitting a local device parameter and the device public key to a certificate authority server; receiving a device certificate fed back by the certificate authority server, an authentication private key of the certificate authority server being used to encrypt the device parameter and the device public key so as to generate signature data of the device certificate; and storing the device private key and the device certificate in the secure area. The solution provided in the present invention enhances key management efficiency.

Description

Key management method, apparatus, system, storage medium, and computer device
This application claims priority to Chinese patent application No. 201810574128.7, filed on June 6, 2018 and entitled "Key management method, apparatus, system, storage medium, and computer device", the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of computer technology, and in particular to a key management method, apparatus, system, storage medium, and computer device.
Background
With the continuous development of Internet technology, more and more data interactions are carried out through devices, so users place ever higher demands on the security of device authentication. At present, a device manufacturer usually needs to set up its own server for key management and, before a device leaves the factory, upload the device public key to that server for storage.
However, in this traditional key management approach, each device manufacturer needs to set up its own server for key management, and when data interaction is required, a party that needs the device public key must request it from that server, which makes key management complex and inefficient.
Summary of the invention
Based on this, it is necessary to provide a key management method, apparatus, system, storage medium, and computer device to address the problem that key management is currently complex and inefficient.
A key management method, applied to a terminal, the method including:
generating, in a local secure area, a device key including a device public key and a device private key;
sending local device parameters and the device public key to a certificate authentication server;
receiving a device certificate fed back by the certificate authentication server, the signature data of the device certificate being generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server; and
storing the device private key and the device certificate in the secure area.
A key management apparatus, the apparatus including:
a generating module, configured to generate, in a local secure area, a device key including a device public key and a device private key;
a sending module, configured to send local device parameters and the device public key to a certificate authentication server;
a receiving module, configured to receive a device certificate fed back by the certificate authentication server, the signature data of the device certificate being generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server; and
a storage module, configured to store the device private key and the device certificate in the secure area.
A key management system, the system including a terminal and a certificate authentication server, wherein:
the terminal is configured to generate, in a local secure area, a device key including a device public key and a device private key, and to send local device parameters and the device public key to the certificate authentication server;
the certificate authentication server is configured to feed back a device certificate to the terminal, the signature data of the device certificate being generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server; and
the terminal is further configured to store the device private key and the device certificate in the secure area.
A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the following steps:
generating, in a local secure area, a device key including a device public key and a device private key;
sending local device parameters and the device public key to a certificate authentication server;
receiving a device certificate fed back by the certificate authentication server, the signature data of the device certificate being generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server; and
storing the device private key and the device certificate in the secure area.
A computer device including a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following steps:
generating, in a local secure area, a device key including a device public key and a device private key;
sending local device parameters and the device public key to a certificate authentication server;
receiving a device certificate fed back by the certificate authentication server, the signature data of the device certificate being generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server; and
storing the device private key and the device certificate in the secure area.
In the above key management method, apparatus, system, storage medium, and computer device, the generation of the device key and the storage of the device private key and the device certificate are all performed in the local secure area, which ensures the security of the device key and the device certificate. Second, the signature data in the device certificate is generated by signing the local device parameters and the device public key with the authentication private key of the certificate authentication server, which enhances the validity and credibility of the device certificate. Moreover, the device certificate is stored directly on the local device, which avoids the complicated operations and inconvenience in managing and using keys that result from storing the device public key on another device, making key management convenient and efficient.
A certificate verification method, applied to a certificate authentication server, the method including:
receiving an application certificate verification request;
obtaining a certificate chain corresponding to the application certificate verification request, the certificate chain including an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate;
when an authentication certificate consistent with the authentication certificate in the certificate chain exists locally, verifying the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain; and
when both the device certificate and the application certificate pass verification, feeding back a verification result indicating that the verification passed.
A certificate verification apparatus, the apparatus including:
a receiving module, configured to receive an application certificate verification request;
an obtaining module, configured to obtain a certificate chain corresponding to the application certificate verification request, where the certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate;
a verification module, configured to verify the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain when an authentication certificate that matches the authentication certificate in the certificate chain exists locally;
a feedback module, configured to feed back a verification result indicating that verification has passed when both the device certificate and the application certificate pass verification.
A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the following steps:
receiving an application certificate verification request;
obtaining a certificate chain corresponding to the application certificate verification request, where the certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate;
when an authentication certificate that matches the authentication certificate in the certificate chain exists locally, verifying the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain;
when both the device certificate and the application certificate pass verification, feeding back a verification result indicating that verification has passed.
A computer device, including a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following steps:
receiving an application certificate verification request;
obtaining a certificate chain corresponding to the application certificate verification request, where the certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate;
when an authentication certificate that matches the authentication certificate in the certificate chain exists locally, verifying the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain;
when both the device certificate and the application certificate pass verification, feeding back a verification result indicating that verification has passed.
With the above certificate verification method, apparatus, storage medium, and computer device, when certificate verification is required, the certificate chain corresponding to the application certificate verification request is obtained directly. In this certificate chain, the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key in the device certificate is used to decrypt the signature data in the application certificate. In other words, the device certificate and the application certificate are issued level by level from the authentication certificate. Therefore, when an authentication certificate that matches the one in the certificate chain exists, that is, once the authentication certificate is determined to be trusted, the device certificate and the application certificate can be verified according to the authentication certificate in the certificate chain, and a verification result indicating that verification has passed is fed back when both pass, which ensures the validity and efficiency of certificate verification.
Brief Description of the Drawings
FIG. 1 is a diagram of the application environment of the key management method in one embodiment;
FIG. 2 is a schematic flowchart of the key management method in one embodiment;
FIG. 3 is a sequence diagram of issuing a device certificate in one embodiment;
FIG. 4 is a sequence diagram of issuing an application certificate in one embodiment;
FIG. 5 is a sequence diagram of verifying an application certificate in one embodiment;
FIG. 6 is a diagram of the principle architecture of key management in one embodiment;
FIG. 7 is a schematic flowchart of the certificate verification method in one embodiment;
FIG. 8 is a module structure diagram of the key management apparatus in one embodiment;
FIG. 9 is a module structure diagram of the key management apparatus in another embodiment;
FIG. 10 is a module structure diagram of the certificate verification apparatus in one embodiment;
FIG. 11 is a module structure diagram of the certificate verification apparatus in another embodiment;
FIG. 12 is a diagram of the internal structure of the computer device in one embodiment;
FIG. 13 is a diagram of the internal structure of the computer device in another embodiment.
Detailed Description
To make the purpose, technical solutions, and advantages of this application clearer, this application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain this application and are not intended to limit it.
FIG. 1 is a diagram of the application environment of the key management method in one embodiment. Referring to FIG. 1, the key management method is applied to a key management system. The key management system includes a terminal 110 and a server 120. The server 120 includes at least a certificate authentication server 121 and may further include an application server 122 and/or a key management server 123. The terminal 110 and the server 120 are connected through a network. The terminal 110 is configured to execute the key management method. The terminal 110 may be a desktop terminal or a mobile terminal, and the mobile terminal may be at least one of a mobile phone, a tablet computer, a notebook computer, and the like. The certificate authentication server 121 may be a CA (Certificate Authority) server or another type of server. The application server 122 may be the server corresponding to an application running on the terminal 110, such as the instant messaging server corresponding to an instant messaging application. The key management server 123 may be a TAM (Trusted ATTK Management) server or another type of server.
The terminal 110 may generate, in the local secure area, a device key including a device public key and a device private key, and then send the local device parameters and the device public key to the certificate authentication server 121. After receiving the device parameters and the device public key, the certificate authentication server 121 signs them with the authentication private key of the certificate authentication server to generate signature data, obtains the device certificate of the terminal 110, and feeds the device certificate back to the terminal 110. The terminal 110 then stores the device private key and the device certificate in the secure area.
The terminal 110 may also, on obtaining an application key generation instruction triggered by an application running locally, generate the application key of that application in the local secure area; the application key includes an application public key and an application private key. In the secure area, the terminal signs the application parameters and the application public key of the application with the device private key to generate the application certificate of the application, stores the application private key and the application certificate in association in the secure area, and stores the certificate chain of the application: the authentication certificate, the device certificate, and the application certificate. In this way, on receiving a biometric authentication authorization request triggered by the application, the terminal 110 can generate an application certificate verification request corresponding to the application and send the certificate chain of the application, in association with the application certificate verification request, to the application server 122 corresponding to the application. Certificate verification is then performed by the application server 122, or by the certificate authentication server 121 after the application server 122 forwards the certificate chain to it. Alternatively, after the certificate chain is forwarded to the key management server 123, certificate verification is performed by the certificate authentication server 121 or the key management server 123.
In one embodiment, the certificate verification method can also be applied in the application environment shown in FIG. 1, where the server 120 is configured to execute the certificate verification method. The server 120 receives the application certificate verification request sent by the terminal 110 and obtains the certificate chain corresponding to the application certificate verification request. The certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate. The server 120 can therefore, when an authentication certificate that matches the authentication certificate in the certificate chain exists on the server 120, verify the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain. Only when both the device certificate and the application certificate pass verification does it feed back to the terminal 110 a verification result indicating that verification has passed.
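The chain check described above (match the chain's authentication certificate against a locally stored copy, then verify the device certificate with the authentication public key and the application certificate with the device public key), as an added Go example that is not code from the patent. It assumes "matches" means byte-identical DER and uses ECDSA P-256 where the text names RSA-2048 as one option; all function names and certificate subjects (`issue`, `verifyChain`, `Example CA`, `SN-0001`) are hypothetical, and the certificates are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrUntrustedRoot: the chain's authentication certificate is not stored locally.
var ErrUntrustedRoot = errors.New("authentication certificate not in local store")

// party is a key pair plus the certificate binding its public key to a name.
type party struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// issue (hypothetical sample-data helper, panics on failure) creates a key pair for cn
// and has signer certify it; a nil signer yields the self-signed authentication
// certificate. canSign marks the subject as an X.509 CA, which the device needs to sign.
func issue(cn string, serial int64, signer *party, canSign bool) *party {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  canSign,
	}
	if canSign {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parent, signKey := tmpl, key
	if signer != nil {
		parent, signKey = signer.cert, signer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &party{key: key, cert: cert}
}

// verifyChain follows the server-side steps: the chain's authentication certificate
// must equal a locally stored one, then each level is checked with its issuer's key.
func verifyChain(local, chain []*x509.Certificate) error {
	if len(chain) != 3 {
		return errors.New("expected [authentication, device, application] certificates")
	}
	auth, dev, app := chain[0], chain[1], chain[2]
	for _, l := range local {
		if !bytes.Equal(l.Raw, auth.Raw) { // assumption: "matches" means identical DER
			continue
		}
		if err := dev.CheckSignatureFrom(auth); err != nil {
			return fmt.Errorf("device certificate: %w", err)
		}
		if err := app.CheckSignatureFrom(dev); err != nil {
			return fmt.Errorf("application certificate: %w", err)
		}
		return nil
	}
	return ErrUntrustedRoot
}

// demo builds constructed chains and returns the verdict for three cases.
func demo() (good, rogueRoot, spliced error) {
	ca := issue("Example CA", 1, nil, true)
	dev := issue("device SN-0001", 2, ca, true)
	app := issue("app com.example.pay", 3, dev, false)
	local := []*x509.Certificate{ca.cert}
	good = verifyChain(local, []*x509.Certificate{ca.cert, dev.cert, app.cert})
	// A self-consistent chain under a look-alike root that is not stored locally.
	fca := issue("Example CA", 1, nil, true)
	fdev := issue("device SN-0001", 2, fca, true)
	fapp := issue("app com.example.pay", 3, fdev, false)
	rogueRoot = verifyChain(local, []*x509.Certificate{fca.cert, fdev.cert, fapp.cert})
	// An application certificate signed by another device, presented under dev.
	dev2 := issue("device SN-0002", 4, ca, true)
	app2 := issue("app com.example.pay", 5, dev2, false)
	spliced = verifyChain(local, []*x509.Certificate{ca.cert, dev.cert, app2.cert})
	return
}

func main() { fmt.Println(demo()) }
```

The look-alike root case is the reason the verifier compares the submitted authentication certificate with its own stored copy: a chain that is internally consistent proves nothing if its root arrives with the request.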
FIG. 2 is a schematic flowchart of the key management method in one embodiment. This embodiment is described using the example of the key management method applied to the terminal 110 in FIG. 1. Referring to FIG. 2, the method includes the following steps:
S202: In the local secure area, generate a device key including a device public key and a device private key.
The secure area is a trusted execution environment in the terminal that is independent of the operating system. The secure area may be a TEE (Trusted Execution Environment). It can be understood that the secure area ensures that data stored or processed inside it is independent of the environment outside it; it is a trusted environment. For example, if an asymmetric key is generated in the secure area, then no one other than the key owner (the terminal manufacturer, the application server, and so on) can obtain the private key of that asymmetric key. Of course, the secure area may also be another trusted area inside the terminal that can ensure data security, which is not limited in the embodiments of this application.
The device key is data used to verify the legitimacy of the terminal and to secure data transmission. The device key may also be called the terminal root key. In the embodiments of this application, the device key of the terminal is an asymmetric key that includes a device public key and a device private key. Data encrypted with the device public key can be decrypted with the device private key; data encrypted with the device private key can be decrypted with the device public key. The device key may be an asymmetric key based on RSA-2048; of course, it may also be another asymmetric key, which is not limited in the embodiments of this application.
It can be understood that when two parties transmit data, the sender needs to encrypt the transmitted data with a key so that only a receiver holding the corresponding key can decrypt the encrypted data and obtain what the sender transmitted. In the embodiments of this application, when a data sender transmits data to the terminal, the sender encrypts the data with the terminal's device public key. Because under normal circumstances only the terminal itself holds the device private key, only the terminal can decrypt the encrypted data with the device private key and obtain the data the sender transmitted. Even if another device obtains the encrypted data, it does not hold the terminal's device private key, so it cannot decrypt the encrypted data and cannot obtain the data the sender transmitted.
In one embodiment, the device key may be an ATTK (Attestation Key, terminal verification key), which is used to verify the legitimacy of the terminal. A terminal has one and only one ATTK. Of course, the device key may also be another key, which is not limited in the embodiments of this application.
In an optional embodiment, the secure area of the terminal contains key generation code; running this code generates, in the secure area, a device key including a device public key and a device private key.
It can be understood that the terminal manufacturer configures a secure area for the terminal when producing it. The terminal is allowed to leave the factory for sale only after the secure area configured for it has passed acceptance. Optionally, before the terminal leaves the factory and after the secure area on the terminal has passed acceptance, the key generation code may be written into the secure area, and the key generation code generates, in the secure area, the device key including the device public key and the device private key.
In an optional embodiment, a secure application may run in the secure area of the terminal. Both the logic behavior and the storage behavior of the secure application are secure behaviors. The terminal may generate the device key including the device public key and the device private key by means of the secure application running in the secure area. The secure application may be a TA (Trusted Application).
Of course, the device key may also be generated in the secure area of the terminal in other ways; the embodiments of this application do not limit how the device key is generated.
S204: Send the local device parameters and the device public key to the certificate authentication server.
The device parameters are data that reflects the identity of the terminal. A device parameter may be a terminal identifier, which uniquely identifies a terminal, such as the terminal serial number. The certificate authentication server is an authoritative server for authenticating digital certificates. A digital certificate proves that the user (a device, an application, or the like) listed in the certificate legitimately owns the public key (a device public key, an application public key, or the like) listed in the certificate. The certificate authentication server may be a CA server, that is, the server of a digital certificate authority.
Optionally, the terminal may read the local device parameters, that is, the device parameters of this terminal, and generate a device certificate issuance request; it then sends the device parameters it read and the device public key it generated, in association with the device certificate issuance request, to the certificate authentication server.
S206: Receive the device certificate fed back by the certificate authentication server; the signature data of the device certificate is generated by signing the device parameters and the device public key with the authentication private key of the certificate authentication server.
The device certificate is a file that is signed and issued by the certificate authentication server and that includes the device public key owner information and the device public key. The device public key owner information is the device parameters. The device certificate may include the plaintext of the device public key owner information and the device public key, that is, the original data that has not been signed; it may also include the ciphertext of the device public key owner information and the device public key, that is, the data obtained by signing the device public key owner information and the device public key. Signature data is the data obtained by signing a piece of data with the signer's private key. In other words, the certificate authentication server receives the device parameters and the device public key of the terminal, signs them with the authentication private key of the certificate authentication server to generate signature data, forms the device certificate, and feeds it back to the terminal.
In one embodiment, the device certificate includes the device parameters, the device public key, and the ciphertext generated by signing the device parameters and the device public key with the authentication private key. Here, the signature data of the device certificate may be the ciphertext alone; it may also be the combination of the device parameters, the device private key, and the ciphertext.
In the embodiments of this application, the device certificate conforms to the X.509 certificate standard. The authentication certificate and the application certificate referred to later in this application also conform to the X.509 certificate standard. Of course, the authentication certificate, the device certificate, and the application certificate may also conform to other certificate standards, which is not limited in the embodiments of this application.
Optionally, after receiving the device parameters and the device public key sent by the terminal, the certificate authentication server computes the digest of the device parameters and the device public key according to the signature algorithm agreed with the terminal, and then encrypts the computed digest with its own authentication private key to obtain the signature data.
It can be guaranteed mathematically that if any single bit of the data is changed, the recomputed digest of the data will not match the original digest. Therefore, in the embodiments of this application, extracting the digest and encrypting and signing the digest both guarantees that the data cannot be altered and avoids the time cost of encrypting and decrypting a large amount of data. Of course, the device parameters and the device public key may also be signed in other ways, which is not limited in the embodiments of this application.
It can be understood that even an asymmetric encryption system cannot guarantee that the distribution of public keys is reliable. To guard against man-in-the-middle attacks during public key distribution, a trusted "progenitor" notary is needed, and this is why the certificate authentication server (CA server) exists. In the embodiments of this application, the certificate containing a public key is issued by the certificate authentication server, or issued on the basis of the certificate authentication server, which guarantees the reliability of the certificate containing the public key at the source.
S208: Store the device private key and the device certificate in the secure area.
Optionally, before the terminal leaves the factory, the terminal may store the device private key and the device certificate in a secure storage area within the secure area of the terminal. The secure storage area is, for example, RPMB (Replay Protected Memory Block).
In one embodiment, a device has one and only one device key, so the device key and the device certificate may be stored in association or stored independently of each other. The device private key and the device certificate may be stored at the same time; they may also be stored separately, that is, the device private key is stored once it is generated, and the device certificate is stored once it is received.
It can be understood that steps S202 to S208 above are all completed in the secure, trusted environment inside the device production line. In the embodiments of this application, it is no longer necessary, before the terminal leaves the factory, for the terminal manufacturer to send the terminal's device public key to the key management server over a secure channel as the way of ensuring that the uploaded data is not tampered with. Instead, the device certificate is issued by the certificate authentication server, which ensures the security and trustworthiness of the device certificate; and because a large number of devices can share one authentication certificate, the cost of managing and maintaining device keys is reduced.
In one embodiment, the terminal may further obtain an authentication certificate that includes the authentication public key corresponding to the authentication private key, use the authentication certificate and the device certificate as the certificate chain of the terminal, and store the certificate chain in the secure area. That is, for each certificate of the terminal, the terminal stores that certificate's certificate chain in the secure area.
With the above key management method, the generation of the device key and the storage of the device private key of the device key and of the device certificate all take place in the local secure area, which ensures the security of the device key and the device certificate. Second, the signature data in the device certificate is generated by signing the local device parameters and the device public key with the authentication private key of the certificate authentication server, which enhances the validity and credibility of the device certificate. Moreover, the device certificate is stored directly on the local device, which avoids the complicated operations and inconvenience in key management and use that result from storing the device public key on a device other than the local one, making key management convenient and efficient.
FIG. 3 shows a sequence diagram of issuing a device certificate in one embodiment. Referring to FIG. 3, before leaving the factory, the terminal generates a device key (ATTK) including a device public key and a device private key by means of a secure application (TA) running in the secure area (TEE); the TEE is independent of the terminal's operating system. The terminal stores the generated device private key in the secure storage area of the TEE and sends a device certificate issuance request to the certificate authentication server (CA server); the request carries the device parameters of the terminal and the generated device public key. After receiving the device certificate issuance request, the CA server signs the device parameters and the device public key of the terminal with its own authentication private key (the private key of the CA root certificate) to generate the device certificate, and then feeds the generated device certificate back to the terminal. The terminal then stores the device certificate in the secure storage area of the TEE.
In one embodiment, the key management method further includes: when an application key generation instruction triggered by an application running locally is obtained, generating an application key for the application in the secure area, the application key including an application public key and an application private key; in the secure area, signing the application parameters and the application public key of the application with the device private key to generate an application certificate for the application; and storing the application private key and the application certificate in association in the secure area.
The application key generation instruction is a computer program that instructs generation of the application key. The application key is data used to verify the legitimacy of the application and to secure data transmission. In the embodiments of this application, the application key is an asymmetric key comprising an application public key and an application private key. Data encrypted with the application public key can be decrypted with the application private key; data encrypted with the application private key can be decrypted with the application public key. The application key may be an asymmetric key based on RSA-2048; it may of course also be another asymmetric key, which the embodiments of this application do not limit.
In one embodiment, the application key may be an ASK (App Secure Key, application verification key), which is used to verify the legitimacy of the application. An application has one and only one ASK. The application key may of course also be another key, which the embodiments of this application do not limit.
It can be understood that one or more applications may run on the terminal, and each application has its own application public key and application private key. When an application on the terminal exchanges data with an external device, the peer encrypts the transmitted data with that application's public key. Because the application private key is normally held only by the application itself, only that application can decrypt the encrypted data with its private key and obtain the data sent by the peer. Even if other applications obtain the encrypted data, they do not hold the application's private key, so they cannot decrypt it and cannot obtain the data sent by the peer.
Optionally, when the terminal installs the application or runs it for the first time, the terminal may obtain an application key generation instruction triggered by the application, or one triggered by the application's installation code. The terminal then generates the application key in the local secure area and, in that secure area, signs the application parameters and the application public key with the terminal's device private key to generate the application certificate; it then stores the application private key and the application certificate in association in the secure area.
In one embodiment, signing the application parameters and the application public key with the device private key to generate the application certificate includes: obtaining digest information of the application parameters and the application public key; encrypting the digest information with the device private key to obtain signature data; and generating the application certificate from the signature data obtained by encryption.
The digest information is a fixed-length value that uniquely corresponds to the data it belongs to. It is produced by applying an irreversible string transformation algorithm to that data.
Optionally, the terminal may use an irreversible string transformation algorithm, treating the application parameters and the application public key as one piece of text, to generate the digest information of that text. The irreversible string transformation algorithm may be a hash algorithm or another algorithm, which the embodiments of this application do not limit. The digest information of the application parameters and the application public key may of course also be generated in other ways, which the embodiments of this application do not limit.
Further, the terminal encrypts the digest information with the device private key to obtain the signature data and generates the application certificate. The application certificate may include the plaintext of the application public key owner information and the application public key, that is, the original data that has not been signed; it may also include the ciphertext of the application public key owner information and the application public key, that is, the data obtained by signing the application public key owner information and the application public key. The application public key owner information is the application parameters.
It can be understood that if the data changes in transit, the new digest information that the receiver computes over the received data does not match the original digest information, so the receiver knows the data has changed. Therefore, in this embodiment the digest information is encrypted. Because encrypting the digest can also guarantee the integrity and security of the transmitted data, the complete transmitted data is no longer encrypted, which avoids the time cost of encryption and decryption when the data volume is large. This ensures data security, improves data processing efficiency, and facilitates subsequent data processing.
In one embodiment, the key management method further includes: obtaining an authentication certificate that includes the authentication public key corresponding to the authentication private key; using the authentication certificate, the device certificate and the application certificate as the application's certificate chain; and storing the certificate chain in the secure area.
The authentication certificate is the digital certificate held by the certificate authentication server. The certificate authentication server is the authority responsible for issuing and managing digital certificates and, as the trusted third party in e-commerce transactions, bears the responsibility for checking the validity of public keys in the public key system. The authentication certificate is therefore generally regarded as authoritative and trustworthy. In the embodiments of this application, the certificate authentication server may be a CA server, and the authentication certificate may be a CA root certificate.
Typically, a certificate authentication server holds one CA root certificate and signs the data to be signed with the private key of that CA root certificate. A certificate authentication server may of course also hold multiple CA root certificates, which the embodiments of this application do not limit.
Optionally, after issuing the device certificate to the terminal, the certificate authentication server may send the authentication certificate it holds to the terminal. After the terminal issues the application certificate with the device private key, it can then assemble the application's certificate chain from three certificates: the application certificate; the device certificate containing the device public key that corresponds to the device private key that issued the application certificate; and the authentication certificate containing the authentication public key that corresponds to the authentication private key that issued the device certificate. The terminal stores this certificate chain in its secure area.
It can be understood that, because the device certificate is issued by the certificate authentication server and the application certificate is in turn issued on the basis of the device certificate, the application certificate is issued on the basis of the certificate authentication server. In other words, the certificate chain of the application certificate is a chain of trust established on the certificate authentication server, which strengthens the credibility of each certificate in the chain.
In this embodiment, a certificate chain is established for each certificate. When the validity of a certificate is later verified, the verification request carries the certificate's chain, and validity can be verified level by level. There is no need to transmit the device public key in advance to a server dedicated to key management and then ask that server to verify the certificate's validity.
In the embodiment above, the application key is generated, and the private key of the application key and the application certificate are stored, in the local secure area, which ensures the security of the application key and the application certificate. Second, the signature data in the application certificate is generated by signing with the device private key, and the device certificate containing the corresponding device public key is itself issued by the certificate authentication server, which strengthens the validity and credibility of the application certificate.
FIG. 4 shows a sequence diagram of issuing an application certificate in one embodiment. Referring to FIG. 4, an application can run on the terminal. After the application is installed or run, it can trigger an application key generation instruction, and the terminal generates an application key (ASK) comprising an application public key and an application private key through the TA running in the TEE. The terminal then obtains the device private key from the secure storage area through the TA and signs the application parameters and the application public key with it to generate the application certificate; it then stores the application private key and the application certificate in association in the secure storage area of the TEE. The terminal may also use the authentication certificate, the device certificate and the application certificate as the application's certificate chain and store the certificate chain in the secure area of the TEE.
In one embodiment, the key management method further includes: on receiving a biometric authentication authorization request triggered by the application, generating an application certificate verification request corresponding to the application; sending the application's certificate chain together with the application certificate verification request to the application server corresponding to the application; receiving the verification result that the application server returns after verifying the received certificate chain against the authentication certificate stored on the application server; and, when the verification result indicates that verification passed, granting the application permission to perform biometric authentication.
The biometric authentication authorization request is used to request permission to perform biometric authentication. Biometric authentication is a technique in which a computer device uses the inherent biological characteristics of a natural person to establish identity; examples include fingerprint authentication, facial recognition authentication and iris recognition authentication. The application certificate verification request is used to request verification of the validity of the application certificate.
It can be understood that when an application asks the terminal for permission to perform biometric authentication, it is asking for access to the user's inherent biometric data stored on the terminal, such as fingerprint data or facial data. This data is the user's own biometric privacy. To protect it, permission may be granted only when the application is legitimately entitled to request it. In other words, the application can be granted permission to perform biometric authentication only after its application certificate has passed verification.
The application server receives the application's certificate chain and the application certificate verification request. When the application server stores an authentication certificate, it verifies the received certificate chain against that authentication certificate and returns the verification result to the terminal.
For example, when a user enables fingerprint payment in an instant messaging application on the terminal, a biometric authentication authorization request is triggered through that application. The instant messaging application then needs to send its certificate chain to the corresponding instant messaging server, which verifies the validity of the certificates in the chain or forwards the chain to another server for that verification. Only after the validity check passes can the terminal grant the instant messaging application permission to perform fingerprint payment.
Optionally, on receiving a biometric authentication authorization request triggered by the application, the terminal generates an application certificate verification request corresponding to the application and sends the application's certificate chain together with the application certificate verification request to the application server corresponding to the application.
On receiving the application certificate verification request, the application server obtains the certificate chain carried by the request and checks locally whether it stores a certificate chain consistent with the authentication certificate in that chain. When the application server stores an authentication certificate consistent with the authentication certificate in the certificate chain, it determines that the authentication certificate in the chain is valid.
The application server then decrypts the signature data on the device certificate with the authentication public key from the authentication certificate to obtain first digest information, extracts second digest information from the device parameters and the device public key on the device certificate using the digest extraction method agreed with the terminal, and compares the first and second digest information. When the two do not match, the device certificate is determined to be invalid, and a verification result indicating failure is returned to the terminal.
When the first and second digest information match, the application server goes on to decrypt the signature data on the application certificate with the device public key from the device certificate to obtain third digest information, extracts fourth digest information from the application parameters and the application public key on the application certificate using the digest extraction method agreed with the terminal, and compares the third and fourth digest information. When the two do not match, the device certificate is determined to be invalid, and a verification result indicating failure is returned to the terminal. When the third and fourth digest information match, the application certificate is determined to be valid, and a verification result indicating that verification passed is returned to the terminal. The terminal grants the application permission to perform biometric authentication only when the received verification result indicates that verification passed.
It can be understood that the authentication certificates stored on the application server may be the authentication certificates held by the various certificate authentication servers, obtained from those servers in advance through a secure channel. Only when an authentication certificate consistent with the one in the certificate chain can be found is that authentication certificate determined to be valid, that is, the source of the certificate chain is valid, and the chain is then checked level by level starting from that authentication certificate. A secure channel is a data transmission channel that can guarantee the security of data transmission; it is a trusted channel and may be a data transmission channel established over the HTTPS protocol.
In one embodiment, the application server may also obtain a list of revoked authentication certificates in advance. When verifying a certificate chain, the application server first checks whether the authentication certificate in the chain appears in this revocation list. If it does, the authentication certificate is no longer valid and no further certificate verification is needed. Only if the authentication certificate in the chain does not appear in the revocation list does the subsequent certificate verification continue. The list of revoked authentication certificates is used to publish authentication certificates that are no longer valid.
In one embodiment, the key management method further includes: receiving a verification result that the application server returns when it does not store the authentication certificate and that it obtained from the certificate authentication server through a secure channel. The verification result is produced by the certificate authentication server, which, after receiving the certificate chain uploaded by the application server through the secure channel, verifies the certificate chain against the authentication certificate stored on the certificate authentication server.
Optionally, when the application server does not store an authentication certificate consistent with the one in the certificate chain, it transmits the certificate chain through a secure channel to the certificate authentication server or the key management server, which verifies the validity of each certificate in the chain and returns the verification result to the application server; the application server then returns it to the terminal. It can be understood that the process by which the certificate authentication server or the key management server verifies the validity of each certificate in the chain is similar to the process used by the application server and is not repeated here.
In this embodiment, certificate validity is checked by the certificate authentication server, which strengthens the credibility of the result. Moreover, the check is performed on the certificate chain, which already contains the device public key, so the device public key no longer needs to be uploaded in advance.
It can be understood that, in general, the application server performs certificate validity checks only in scenarios with a lower security level. In scenarios with a higher security level, even if the application server stores an authentication certificate consistent with the one in the certificate chain, it should still transmit the certificate chain through a secure channel to the certificate authentication server or the key management server, which verifies the validity of each certificate in the chain. Scenarios with a lower security level include, for example, account opening; scenarios with a higher security level include, for example, resource transfer (payment).
In one embodiment, on receiving a biometric authentication authorization request triggered by the application, the terminal determines the security level corresponding to the event that requests biometric authorization and carries that security level in the generated application certificate verification request. After receiving the application certificate verification request, the application server decides from the security level carried in the request whether certificate validity is verified locally or by the certificate authentication server or key management server. The application server is configured in advance with the security levels it may handle. When the security level carried in the request is one the application server may handle, it verifies certificate validity locally; otherwise the certificate authentication server or key management server performs the verification.
In one embodiment, after deciding that the certificate authentication server or key management server is to verify certificate validity, the application server may forward the application certificate verification request to the certificate authentication server corresponding to the authentication certificate in the certificate chain. It may also forward the request to another certificate authentication server, in which case that server should have obtained, in advance and through a secure channel, the authentic version of the authentication certificate in the certificate chain.
In the embodiment above, in scenarios with a lower security level the application server checks certificate validity. This guarantees the credibility of the result to a certain extent and also avoids the risk and time cost of passing the data along multiple times.
FIG. 5 shows a sequence diagram of verifying an application certificate in one embodiment. Referring to FIG. 5, an application can run on the terminal and, once running, can trigger a biometric authentication authorization request. When the terminal detects the request, it obtains the application's certificate chain from the secure storage area through the TA running in the TEE, generates an application certificate verification request, and sends the certificate chain together with the request to the application server corresponding to the application. After receiving the request, the application server checks locally whether it stores an authentication certificate consistent with the one in the certificate chain. If it does, it verifies the authentication certificate, the device certificate and the application certificate in turn and returns the result. If it does not, it sends the certificate chain through a secure channel to the certificate authentication server (CA) or the key management server (TAM), which verifies the authentication certificate, the device certificate and the application certificate in turn and returns the result.
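The issuance steps of FIG. 3 and FIG. 4 and the server-side check of FIG. 5, including the revocation-list lookup, as an added Go example that is not code from the patent or its applicant. It assumes RSA-2048 with SHA-256 and PKCS#1 v1.5 signatures, a digest layout of parameters followed by the encoded public key, and constructed sample parameters; `Cert`, `Chain`, `Digest`, `VerifyChain` and `MustDemoChain` are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Cert is a simplified stand-in for the page's certificates, not X.509.
type Cert struct {
	Params    string
	PublicKey *rsa.PublicKey
	Signature []byte // empty for the root (authentication) certificate
}

// Chain is what the terminal uploads with a certificate verification request.
type Chain struct{ Root, Device, App Cert }

var (
	ErrMalformed   = errors.New("certificate without public key")
	ErrRevokedRoot = errors.New("authentication certificate is revoked")
	ErrUnknownRoot = errors.New("authentication certificate not stored on this server")
	ErrDeviceCert  = errors.New("device certificate signature mismatch")
	ErrAppCert     = errors.New("application certificate signature mismatch")
)

// Digest hashes parameters and public key as one message. The layout
// (params, zero byte, PKCS#1 key encoding) is an assumption of this example.
func Digest(c Cert) [32]byte {
	msg := append([]byte(c.Params), 0)
	return sha256.Sum256(append(msg, x509.MarshalPKCS1PublicKey(c.PublicKey)...))
}

// issue signs the subject's digest with the issuer's private key; on the
// terminal this step runs inside the TEE.
func issue(issuer *rsa.PrivateKey, params string, subject *rsa.PublicKey) Cert {
	c := Cert{Params: params, PublicKey: subject}
	d := Digest(c)
	sig, err := rsa.SignPKCS1v15(rand.Reader, issuer, crypto.SHA256, d[:])
	if err != nil {
		panic(fmt.Errorf("sign %q: %w", params, err))
	}
	c.Signature = sig
	return c
}

// signedBy recomputes the digest and checks it against the signature.
func signedBy(issuer *rsa.PublicKey, c Cert) bool {
	d := Digest(c)
	return rsa.VerifyPKCS1v15(issuer, crypto.SHA256, d[:], c.Signature) == nil
}

// VerifyChain checks: revocation list, stored root, device cert, app cert.
func VerifyChain(ch Chain, trusted, revoked map[[32]byte]bool) error {
	if ch.Root.PublicKey == nil || ch.Device.PublicKey == nil || ch.App.PublicKey == nil {
		return ErrMalformed
	}
	switch root := Digest(ch.Root); {
	case revoked[root]:
		return ErrRevokedRoot
	case !trusted[root]:
		// The application server above would forward the chain to the CA
		// or key management server here instead of deciding locally.
		return ErrUnknownRoot
	case !signedBy(ch.Root.PublicKey, ch.Device):
		return ErrDeviceCert
	case !signedBy(ch.Device.PublicKey, ch.App):
		return ErrAppCert
	}
	return nil
}

// MustDemoChain builds a constructed chain: CA root -> device (ATTK) -> app (ASK).
func MustDemoChain() Chain {
	var k [3]*rsa.PrivateKey
	for i := range k {
		var err error
		if k[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			panic(fmt.Errorf("generate key: %w", err))
		}
	}
	return Chain{
		Root:   Cert{Params: "CA ROOT (constructed)", PublicKey: &k[0].PublicKey},
		Device: issue(k[0], "device=demo-terminal-0001", &k[1].PublicKey),
		App:    issue(k[1], "app=com.example.im", &k[2].PublicKey),
	}
}

func main() {
	ch := MustDemoChain()
	trusted := map[[32]byte]bool{Digest(ch.Root): true}
	fmt.Println("valid chain:", VerifyChain(ch, trusted, nil))
	ch.App.Params = "app=com.example.other" // parameters altered after signing
	fmt.Println("tampered application certificate:", VerifyChain(ch, trusted, nil))
}
```

The trusted and revoked sets are keyed by the digest of the root certificate, standing in for the authentication certificates and revocation list that the server obtains in advance through a secure channel.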
FIG. 6 shows the architecture of key management in one embodiment. Referring to FIG. 6, the terminal may store the authentication certificate (CA ROOT), the device certificate (ATTK) issued by the authentication certificate, the application certificate (ASK) issued by the device certificate, and the service certificate (AK, Authentication Key) issued by the application certificate, forming a certificate chain whose source is the authentication certificate (CA ROOT). The certificate authentication server (CA) or the key management server (TAM) stores the authentication certificate (CA ROOT). When certificate validity is later verified, the terminal uploads the certificate chain of the certificate to be verified along with the verification request, and validity can be verified level by level. The application private key corresponding to the application certificate is used to sign and generate the signature data of the service certificate, and the application public key of the application certificate is used to decrypt the signature data of the service certificate. The service key may be an AK (Authentication Key), which is used to verify the legitimacy of the service.
FIG. 7 is a schematic flowchart of a certificate verification method in one embodiment. This embodiment is described mainly by taking the method as applied to the server 120 in FIG. 1. Referring to FIG. 7, the certificate verification method includes the following steps:
S702: Receive an application certificate verification request.
In one embodiment, the server is an application server. Optionally, on receiving a biometric authentication authorization request triggered by the application, the terminal generates an application certificate verification request corresponding to the application and sends the application's certificate chain together with the request to the application server corresponding to the application. The application server thereby receives the application certificate verification request.
In one embodiment, the server is a certificate authentication server or a key management server. Optionally, when the application server does not find locally an authentication certificate identical to the authentication certificate in the certificate chain, it forwards the application certificate verification request to the certificate authentication server or the key management server through a secure channel; alternatively, when the application server determines that the security level carried in the application certificate verification request is higher than the security level the application server can handle, it forwards the application certificate verification request to the certificate authentication server or the key management server through a secure channel. In this way, the certificate authentication server or the key management server receives the application certificate verification request.
S704. Obtain the certificate chain corresponding to the application certificate verification request. The certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
It can be understood that, after the terminal leaves the factory, each next-level certificate is issued level by level within the terminal's secure area, ensuring that the chain of trust is rooted in the authentication certificate. The certificate chain of a certificate includes not only the certificate itself but also every certificate, starting from the source, through which that certificate was issued. For example, the certificate chain of a device certificate includes the authentication certificate and the device certificate; the certificate chain of an application certificate includes the authentication certificate, the device certificate, and the application certificate; the certificate chain of a service certificate includes the authentication certificate, the device certificate, the application certificate, and the service certificate; and so on.
S706. When an authentication certificate identical to the authentication certificate in the certificate chain exists locally, verify the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain.
Optionally, when an authentication certificate identical to the authentication certificate in the certificate chain is stored on the server, the authentication certificate in the certificate chain is determined to be legitimate. The server then decrypts the signature data on the device certificate with the authentication public key on the authentication certificate to obtain first digest information, extracts second digest information from the device parameters and the device public key on the device certificate using the digest extraction method agreed with the terminal, and compares the first digest information with the second digest information. When the two are inconsistent, the device certificate is determined to be illegitimate, and a verification result indicating that the verification failed is fed back to the terminal. When the first digest information and the second digest information are consistent, the server goes on to decrypt the signature data on the application certificate with the device public key on the device certificate to obtain third digest information, extracts fourth digest information from the application parameters and the application public key on the application certificate using the digest extraction method agreed with the terminal, and compares the third digest information with the fourth digest information. When the two are inconsistent, the device certificate is determined to be illegitimate, and a verification result indicating that the verification failed is fed back to the terminal. When the third digest information and the fourth digest information are consistent, the application certificate is determined to be legitimate, and a verification result indicating that the verification passed is fed back to the terminal.
It can be understood that, when the server is an application server, the application server has obtained in advance, through a secure channel, the authentication certificate of each certificate authentication server from the certificate authentication servers.
S708. When both the device certificate and the application certificate pass verification, feed back a verification result indicating that the verification passed.
It can be understood that the application can be granted permission to perform biometric authentication only when every certificate in the certificate chain passes verification. As long as the legitimacy of any one certificate in the certificate chain fails verification, the application cannot be granted permission to perform biometric authentication.
In the above certificate verification method, when certificate verification is required, the certificate chain corresponding to the application certificate verification request is obtained directly. The authentication private key corresponding to the authentication certificate in the certificate chain is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key in the device certificate is used to decrypt the signature data in the application certificate. In other words, the device certificate and the application certificate are issued level by level starting from the authentication certificate. Therefore, when an authentication certificate identical to the authentication certificate in the certificate chain exists, that is, when the authentication certificate is determined to be trustworthy, the device certificate and the application certificate can be verified according to the authentication certificate in the certificate chain, and a verification result indicating that the verification passed is fed back when both the device certificate and the application certificate pass verification, which ensures that certificate verification is both valid and efficient.
In one embodiment, S706 includes: looking up the authentication certificate in the certificate chain in a revoked authentication certificate list; when the authentication certificate in the certificate chain is not in the revoked authentication certificate list, looking up locally an authentication certificate identical to the authentication certificate in the certificate chain; when an authentication certificate identical to the authentication certificate in the certificate chain is found, verifying the device certificate according to the authentication public key of the authentication certificate in the certificate chain; and when the device certificate passes verification, verifying the application certificate according to the device public key of the device certificate.
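The level-by-level check of S702 to S708, including the revocation lookup of this embodiment, as an added Go example that is not code from the patent or from SOTER. It assumes a simplified certificate layout, SHA-256 as the agreed digest method, and Ed25519 signature verification in place of the "decrypt the signature data and compare digests" step; all type, function and error names and the sample parameters are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Cert is a simplified certificate (assumed layout, not X.509), signed over digest(Params, PublicKey).
type Cert struct {
	Params    string
	PublicKey ed25519.PublicKey
	Signature []byte // issuer's signature
}

var (
	ErrChainShape    = errors.New("chain must be [authentication, device, application]")
	ErrRevokedRoot   = errors.New("authentication certificate is revoked")
	ErrUntrustedRoot = errors.New("authentication certificate not stored locally")
	ErrDeviceCert    = errors.New("device certificate failed verification")
	ErrAppCert       = errors.New("application certificate failed verification")
)

// digest hashes a length-prefixed Params followed by the public key.
func digest(params string, pub ed25519.PublicKey) []byte {
	buf := make([]byte, 4, 4+len(params)+len(pub))
	binary.BigEndian.PutUint32(buf, uint32(len(params)))
	sum := sha256.Sum256(append(append(buf, params...), pub...))
	return sum[:]
}

// issue signs the subject's digest with the issuer's private key.
func issue(issuer ed25519.PrivateKey, params string, pub ed25519.PublicKey) Cert {
	return Cert{Params: params, PublicKey: pub, Signature: ed25519.Sign(issuer, digest(params, pub))}
}

// fingerprint identifies a whole certificate in the trust store and revocation list.
func fingerprint(c Cert) [32]byte {
	return sha256.Sum256(append(digest(c.Params, c.PublicKey), c.Signature...))
}

// signedBy length-checks the key first: ed25519.Verify panics on a wrong-sized key.
func signedBy(issuerPub ed25519.PublicKey, c Cert) bool {
	return len(issuerPub) == ed25519.PublicKeySize &&
		ed25519.Verify(issuerPub, digest(c.Params, c.PublicKey), c.Signature)
}

type Verifier struct {
	Trusted map[[32]byte]bool // authentication certificates stored locally
	Revoked map[[32]byte]bool // revoked authentication certificate list
}

// VerifyChain does the revocation lookup, the local lookup, then one signature check per level.
func (v *Verifier) VerifyChain(chain []Cert) error {
	if len(chain) != 3 {
		return fmt.Errorf("%w: got %d certificates", ErrChainShape, len(chain))
	}
	root, dev, app := chain[0], chain[1], chain[2]
	switch fp := fingerprint(root); {
	case v.Revoked[fp]:
		return ErrRevokedRoot
	case !v.Trusted[fp]:
		return ErrUntrustedRoot // an application server would forward to the CA or TAM here
	case !signedBy(root.PublicKey, dev):
		return ErrDeviceCert
	case !signedBy(dev.PublicKey, app):
		return ErrAppCert
	}
	return nil
}

// demoChain builds a constructed chain with fresh keys (sample data only).
func demoChain(appID string) []Cert {
	key := func() (ed25519.PublicKey, ed25519.PrivateKey) {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		return pub, priv
	}
	caPub, caPriv := key()
	devPub, devPriv := key()
	appPub, _ := key()
	return []Cert{
		issue(caPriv, "CA ROOT", caPub),
		issue(caPriv, "device:constructed-model-01", devPub),
		issue(devPriv, "app:"+appID, appPub),
	}
}

func main() {
	chain := demoChain("com.example.pay")
	v := &Verifier{Trusted: map[[32]byte]bool{fingerprint(chain[0]): true}}
	fmt.Println("valid chain:", v.VerifyChain(chain))
	chain[2].Params = "app:com.example.other" // tampered application certificate
	fmt.Println("tampered chain:", v.VerifyChain(chain))
}
```

The order of the checks matters: a revoked authentication certificate is rejected before any signature is evaluated, and the device public key is used only after the device certificate itself has been verified.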
In one embodiment, the certificate verification method further includes: receiving device parameters and a device public key; obtaining digest information of the device parameters and the device public key; encrypting the digest information with the authentication private key to obtain signature data; and generating a device certificate from the signature data obtained by encryption and feeding it back.
It can be understood that the steps performed by the server in this certificate verification method embodiment have already been described in the foregoing key management method embodiments, and are not repeated here.
Both the key management method and the certificate verification method in the embodiments of this application can be applied to a biometric authentication standard, for example the SOTER standard developed by Tencent. After the methods in the embodiments of this application are applied to the SOTER standard, a terminal can be supported by the SOTER standard without first uploading each device's ATTK to the TAM one by one on the production line, which makes it more convenient for OEM (Original Equipment Manufacturer) vendors to integrate SOTER.
It should be understood that although the steps in the flowcharts of the foregoing embodiments are shown in sequence as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they may be performed in other orders. Moreover, at least some of the steps in the foregoing embodiments may include multiple sub-steps or stages, which are not necessarily completed at the same moment but may be performed at different moments; nor are these sub-steps or stages necessarily performed sequentially, but they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
As shown in FIG. 8, in one embodiment, a key management apparatus 800 is provided. Referring to FIG. 8, the key management apparatus 800 includes a generating module 801, a sending module 802, a receiving module 803, and a storage module 804.
The generating module 801 is configured to generate, in a local secure area, a device key including a device public key and a device private key.
The sending module 802 is configured to send local device parameters and the device public key to a certificate authentication server.
The receiving module 803 is configured to receive the device certificate fed back by the certificate authentication server; the signature data of the device certificate is generated by signing the device parameters and the device public key with the authentication private key of the certificate authentication server.
The storage module 804 is configured to store the device private key and the device certificate in the secure area.
In one embodiment, the generating module 801 is further configured to: when an application key generation instruction triggered by an application running locally is obtained, generate an application key of the application in the secure area, the application key including an application public key and an application private key; and, in the secure area, sign the application parameters of the application and the application public key with the device private key to generate an application certificate of the application. The storage module 804 is further configured to store the application private key and the application certificate in correspondence in the secure area.
In one embodiment, the generating module 801 is further configured to obtain digest information of the application parameters of the application and the application public key; encrypt the digest information with the device private key to obtain signature data; and generate the application certificate of the application from the signature data obtained by encryption.
In one embodiment, the storage module 804 is further configured to obtain an authentication certificate including the authentication public key corresponding to the authentication private key; take the authentication certificate, the device certificate, and the application certificate as the certificate chain of the application; and store the certificate chain in the secure area.
As shown in FIG. 9, in one embodiment, the key management apparatus 800 further includes an authorization module 805, configured to: upon receiving a biometric authentication authorization request triggered by the application, generate an application certificate verification request corresponding to the application; send the application's certificate chain together with the application certificate verification request to the application server corresponding to the application; receive the verification result fed back by the application server after it verifies the received certificate chain according to the authentication certificate stored on the application server; and, when the verification result indicates that the verification passed, grant the application permission to perform biometric authentication.
In one embodiment, the authorization module 805 is further configured to receive a verification result that the application server, when it does not store the authentication certificate, obtains from the certificate authentication server through a secure channel and feeds back; the verification result is obtained by the certificate authentication server, after it receives through the secure channel the certificate chain uploaded by the application server, by verifying the certificate chain according to the authentication certificate stored on the certificate authentication server.
As shown in FIG. 10, in one embodiment, a certificate verification apparatus 1000 is provided. Referring to FIG. 10, the certificate verification apparatus 1000 includes a receiving module 1001, an obtaining module 1002, a verification module 1003, and a feedback module 1004.
The receiving module 1001 is configured to receive an application certificate verification request.
The obtaining module 1002 is configured to obtain the certificate chain corresponding to the application certificate verification request. The certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
The verification module 1003 is configured to verify the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain when an authentication certificate identical to the authentication certificate in the certificate chain exists locally.
The feedback module 1004 is configured to feed back a verification result indicating that the verification passed when both the device certificate and the application certificate pass verification.
In one embodiment, the verification module 1003 is further configured to: look up the authentication certificate in the certificate chain in a revoked authentication certificate list; when the authentication certificate in the certificate chain is not in the revoked authentication certificate list, look up locally an authentication certificate identical to the authentication certificate in the certificate chain; when an authentication certificate identical to the authentication certificate in the certificate chain is found, verify the device certificate according to the authentication public key of the authentication certificate in the certificate chain; and when the device certificate passes verification, verify the application certificate according to the device public key of the device certificate.
As shown in FIG. 11, in one embodiment, the certificate verification apparatus 1000 further includes an issuing module 1005, configured to receive device parameters and a device public key; obtain digest information of the device parameters and the device public key; encrypt the digest information with the authentication private key to obtain signature data; and generate a device certificate from the signature data obtained by encryption and feed it back.
FIG. 12 shows an internal structure diagram of a computer device in one embodiment. The computer device may be the terminal 110 in FIG. 1. As shown in FIG. 12, the computer device includes a processor, a memory, a network interface, an input device, and a display screen connected through a system bus. The memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system and may also store a computer program which, when executed by the processor, causes the processor to implement the key management method. The internal memory may also store a computer program which, when executed by the processor, causes the processor to perform the key management method. The display screen of the computer device may be a liquid crystal display, an electronic ink display, or the like. The input device may be a touch layer covering the display screen, a button, trackball or touchpad provided on the housing of the computer device, or an external keyboard, touchpad, mouse or the like. Those skilled in the art can understand that the structure shown in FIG. 12 is only a block diagram of the part of the structure related to the solution of this application and does not limit the computer device to which the solution of this application is applied; a specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
FIG. 13 shows an internal structure diagram of a computer device in one embodiment. The computer device may be the server 120 in FIG. 1. As shown in FIG. 13, the computer device includes a processor, a memory, and a network interface connected through a system bus. The memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system and may also store a computer program which, when executed by the processor, causes the processor to implement the certificate verification method. The internal memory may also store a computer program which, when executed by the processor, causes the processor to perform the certificate verification method. Those skilled in the art can understand that the structure shown in FIG. 13 is only a block diagram of the part of the structure related to the solution of this application and does not limit the computer device to which the solution of this application is applied; a specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
In one embodiment, both the key management apparatus and the certificate verification apparatus provided in this application may be implemented in the form of a computer program, and the computer program may run on a computer device as shown in FIG. 12 or FIG. 13. The non-volatile storage medium of the computer device may store the program modules that make up the key management apparatus or the certificate verification apparatus, for example the generating module 801, the sending module 802, the receiving module 803, and the storage module 804 shown in FIG. 8. The computer program formed by the program modules causes the processor to perform the steps of the key management method or the certificate verification method of the embodiments of this application described in this specification.
For example, the computer device shown in FIG. 12 may generate, in a local secure area, a device key including a device public key and a device private key through the generating module 801 in the key management apparatus 800 shown in FIG. 8; send the local device parameters and the device public key to the certificate authentication server through the sending module 802; receive the device certificate fed back by the certificate authentication server through the receiving module 803, the signature data of the device certificate being generated by signing the device parameters and the device public key with the authentication private key of the certificate authentication server; and store the device private key and the device certificate in the secure area through the storage module 804.
For example, the computer device shown in FIG. 13 may receive an application certificate verification request through the receiving module 1001 in the certificate verification apparatus 1000 shown in FIG. 10, and obtain the certificate chain corresponding to the application certificate verification request through the obtaining module 1002. The certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate. Through the verification module 1003, when an authentication certificate identical to the authentication certificate in the certificate chain exists locally, the device certificate and the application certificate are verified according to the authentication public key of the authentication certificate in the certificate chain. Through the feedback module 1004, when both the device certificate and the application certificate pass verification, a verification result indicating that the verification passed is fed back.
In one embodiment, a key management system is provided, including a terminal and a certificate authentication server. The terminal is configured to generate, in a local secure area, a device key including a device public key and a device private key, and to send the local device parameters and the device public key to the certificate authentication server. The certificate authentication server is configured to feed back a device certificate to the terminal; the signature data of the fed-back device certificate is generated by the certificate authentication server signing the device parameters and the device public key with the authentication private key of the certificate authentication server. The terminal is further configured to store the device private key and the device certificate in the secure area.
In one embodiment, the key management system further includes an application server. The terminal is further configured to generate the certificate chain of an application running locally; upon receiving a biometric authentication authorization request triggered by the application, generate an application certificate verification request corresponding to the application; and send the application's certificate chain together with the application certificate verification request to the application server corresponding to the application.
The application server is configured to: when it stores the authentication certificate in the certificate chain, verify the received certificate chain according to the stored authentication certificate and feed back the verification result to the terminal; and when it does not store the authentication certificate in the certificate chain, pass the certificate chain to the certificate authentication server through a secure channel, obtain from the certificate authentication server the verification result that the certificate authentication server produced by verifying the certificate chain, and feed it back to the terminal.
The certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign and generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign and generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
In one embodiment, the key management system further includes a key management server. The application server is further configured to, when it does not store the authentication certificate in the certificate chain, pass the certificate chain to the certificate key management server through a secure channel, obtain from the key management server the verification result that the key management server produced by verifying the certificate chain, and feed it back to the terminal.
In one embodiment, the terminal is further configured to: when an application key generation instruction triggered by an application running locally is obtained, generate an application key of the application in the secure area, the application key including an application public key and an application private key; in the secure area, sign the application parameters of the application and the application public key with the device private key to generate an application certificate of the application; and store the application private key and the application certificate in correspondence in the secure area.
In one embodiment, the terminal is further configured to obtain digest information of the application parameters of the application and the application public key; encrypt the digest information with the device private key to obtain signature data; and generate the application certificate of the application from the signature data obtained by encryption.
In one embodiment, the terminal is further configured to obtain an authentication certificate including the authentication public key corresponding to the authentication private key; take the authentication certificate, the device certificate, and the application certificate as the certificate chain of the application; and store the certificate chain in the secure area.
In one embodiment, the application server, the key management server, or the certificate authentication server is further configured to: look up the authentication certificate of the certificate chain in a revoked authentication certificate list; when the authentication certificate of the certificate chain is not in the revoked authentication certificate list, look up locally an authentication certificate identical to the authentication certificate of the certificate chain; when an identical authentication certificate is found, verify the device certificate according to the authentication public key of the authentication certificate in the certificate chain; and when the device certificate passes verification, verify the application certificate according to the device public key of the device certificate.
In one embodiment, the certificate authentication server is further configured to: receive device parameters and a device public key; obtain digest information of the device parameters and the device public key; encrypt the digest information with the authentication private key to obtain signature data; and generate a device certificate from the signature data obtained by encryption and feed it back.
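The issuance and verification order described in the embodiments above, as an added Go example that is not code from the patent. Assumptions: Ed25519 signatures stand in for "encrypting the digest information with the private key", `Cert` is a simplified struct rather than X.509, the authentication certificate is self-signed, and the key pairs are derived from fixed labels so the run is reproducible.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert is a constructed, simplified certificate (not X.509): the subject's
// parameters and public key, plus the issuer's signature over their digest.
type Cert struct {
	Params    string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// digest is the "digest information" of the parameters and the public key.
func digest(params string, pub ed25519.PublicKey) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s", len(params), params) // length prefix keeps the fields unambiguous
	h.Write(pub)
	return h.Sum(nil)
}

// Issue signs the digest of (params, pub) with the issuer's private key.
func Issue(params string, pub ed25519.PublicKey, issuer ed25519.PrivateKey) Cert {
	return Cert{Params: params, PublicKey: pub, Signature: ed25519.Sign(issuer, digest(params, pub))}
}

func (c Cert) signedBy(issuer ed25519.PublicKey) bool {
	return len(issuer) == ed25519.PublicKeySize &&
		ed25519.Verify(issuer, digest(c.Params, c.PublicKey), c.Signature)
}

// Fingerprint identifies a certificate in the local store and the revocation list.
func (c Cert) Fingerprint() [32]byte {
	return sha256.Sum256(append(digest(c.Params, c.PublicKey), c.Signature...))
}

var (
	ErrRevoked   = errors.New("authentication certificate is on the revocation list")
	ErrUntrusted = errors.New("no identical authentication certificate stored locally")
	ErrDevice    = errors.New("device certificate not signed by the authentication key")
	ErrApp       = errors.New("application certificate not signed by the device key")
)

// Verifier holds what the verifying server keeps locally.
type Verifier struct {
	Trusted []Cert            // authentication certificates stored locally
	Revoked map[[32]byte]bool // revoked authentication certificate list
}

// VerifyChain applies the checks in the order the embodiment gives.
func (v Verifier) VerifyChain(auth, device, app Cert) error {
	fp := auth.Fingerprint()
	if v.Revoked[fp] {
		return ErrRevoked
	}
	known := false
	for _, t := range v.Trusted {
		known = known || t.Fingerprint() == fp
	}
	if !known {
		return ErrUntrusted // a chain's own root is never trusted on its say-so
	}
	if !device.signedBy(auth.PublicKey) {
		return ErrDevice
	}
	if !app.signedBy(device.PublicKey) {
		return ErrApp
	}
	return nil
}

// demoKey derives a fixed, constructed key pair from a label; a terminal would generate it in the secure area.
func demoKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// Enroll builds the chain: authentication key signs the device cert, device key signs the app cert.
func Enroll(ca, deviceParams, appParams string) (auth, device, app Cert) {
	caPub, caPriv := demoKey(ca)
	devPub, devPriv := demoKey(ca + "/device")
	appPub, _ := demoKey(ca + "/app")
	return Issue("authentication:"+ca, caPub, caPriv),
		Issue(deviceParams, devPub, caPriv),
		Issue(appParams, appPub, devPriv)
}

func main() {
	auth, device, app := Enroll("constructed-ca", "model=demo;serial=0001", "package=com.example.pay")
	_, rd, rapp := Enroll("unknown-ca", "model=demo;serial=0001", "package=com.example.pay")
	v := Verifier{Trusted: []Cert{auth}}
	fmt.Println(v.VerifyChain(auth, device, app), "|", v.VerifyChain(auth, rd, rapp))
}
```

The local lookup is what anchors trust: a chain that is internally consistent but rooted in an authentication certificate the verifier does not already hold is rejected before any signature is checked.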
In one embodiment, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to perform the steps described in the foregoing method embodiments.
In one embodiment, a computer device is provided, including a memory and a processor. The memory stores a computer program which, when executed by the processor, causes the processor to perform the steps described in the foregoing method embodiments.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the foregoing embodiments can be carried out by a computer program instructing the relevant hardware. The program can be stored in a non-volatile computer-readable storage medium, and when executed it may include the processes of the embodiments of the methods described above. Any reference to memory, storage, a database, or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For brevity, not every possible combination of these technical features is described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the present application. Their description is relatively specific and detailed, but it should not be understood as limiting the patent scope of the present application. It should be noted that a person of ordinary skill in the art can make several variations and improvements without departing from the concept of the present application, and these all fall within the protection scope of the present application. The protection scope of this patent application is therefore subject to the appended claims.

Claims (23)

  1. A key management method, applied to a terminal, the method comprising:
    generating, in a local secure area, a device key including a device public key and a device private key;
    sending local device parameters and the device public key to a certificate authentication server;
    receiving a device certificate fed back by the certificate authentication server, the signature data of the device certificate being generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server; and
    storing the device private key and the device certificate in the secure area.
  2. The method according to claim 1, further comprising:
    generating an application key of an application in the secure area when an application key generation instruction triggered by the application running locally is obtained, the application key including an application public key and an application private key;
    signing, in the secure area, the application parameters of the application and the application public key with the device private key to generate an application certificate of the application; and
    storing the application private key and the application certificate in the secure area in association with each other.
  3. The method according to claim 2, wherein signing the application parameters of the application and the application public key with the device private key to generate the application certificate of the application comprises:
    obtaining digest information of the application parameters of the application and the application public key;
    encrypting the digest information with the device private key to obtain signature data; and
    generating the application certificate of the application from the signature data obtained by encryption.
  4. The method according to claim 2, further comprising:
    obtaining an authentication certificate that includes the authentication public key corresponding to the authentication private key;
    using the authentication certificate, the device certificate, and the application certificate as a certificate chain of the application; and
    storing the certificate chain in the secure area.
  5. The method according to claim 4, further comprising:
    generating an application certificate verification request corresponding to the application when a biometric authentication authorization request triggered by the application is received;
    sending the certificate chain of the application, together with the application certificate verification request, to an application server corresponding to the application;
    receiving a verification result fed back by the application server after the application server verifies the received certificate chain according to an authentication certificate stored on the application server; and
    granting the application permission to perform biometric authentication when the verification result indicates that verification passed.
  6. The method according to claim 5, further comprising:
    receiving a verification result that the application server, when it does not store the authentication certificate, obtains from the certificate authentication server through a secure channel and feeds back; the verification result being obtained by the certificate authentication server verifying the certificate chain according to an authentication certificate stored on the certificate authentication server, after the certificate authentication server receives through the secure channel the certificate chain uploaded by the application server.
  7. A certificate verification method, applied to a certificate authentication server, the method comprising:
    receiving an application certificate verification request;
    obtaining a certificate chain corresponding to the application certificate verification request; the certificate chain including an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate being used to sign to generate the signature data of the device certificate, and the authentication public key of the authentication certificate being used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate being used to sign to generate the signature data of the application certificate, and the device public key of the device certificate being used to decrypt the signature data of the application certificate;
    verifying, when an authentication certificate identical to the authentication certificate in the certificate chain exists locally, the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain; and
    feeding back a verification result indicating that verification passed when both the device certificate and the application certificate pass verification.
  8. The method according to claim 7, wherein verifying, when an authentication certificate identical to the authentication certificate in the certificate chain exists locally, the device certificate and the application certificate according to the authentication public key in the authentication certificate in the certificate chain comprises:
    looking up the authentication certificate of the certificate chain in a revoked authentication certificate list;
    looking up locally, when the authentication certificate of the certificate chain is not in the revoked authentication certificate list, an authentication certificate identical to the authentication certificate in the certificate chain;
    verifying, when an authentication certificate identical to the authentication certificate in the certificate chain is found, the device certificate according to the authentication public key of the authentication certificate in the certificate chain; and
    verifying, when the device certificate passes verification, the application certificate according to the device public key of the device certificate.
  9. The method according to claim 7, further comprising:
    receiving device parameters and a device public key;
    obtaining digest information of the device parameters and the device public key;
    encrypting the digest information with the authentication private key to obtain signature data; and
    generating the device certificate from the signature data obtained by encryption and feeding it back.
  10. A key management apparatus, comprising:
    a generation module, configured to generate, in a local secure area, a device key including a device public key and a device private key;
    a sending module, configured to send local device parameters and the device public key to a certificate authentication server;
    a receiving module, configured to receive a device certificate fed back by the certificate authentication server, the signature data of the device certificate being generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server; and
    a storage module, configured to store the device private key and the device certificate in the secure area.
  11. A certificate verification apparatus, comprising:
    a receiving module, configured to receive an application certificate verification request;
    an obtaining module, configured to obtain a certificate chain corresponding to the application certificate verification request; the certificate chain including an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate being used to sign to generate the signature data of the device certificate, and the authentication public key of the authentication certificate being used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate being used to sign to generate the signature data of the application certificate, and the device public key of the device certificate being used to decrypt the signature data of the application certificate;
    a verification module, configured to verify, when an authentication certificate identical to the authentication certificate in the certificate chain exists locally, the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain; and
    a feedback module, configured to feed back a verification result indicating that verification passed when both the device certificate and the application certificate pass verification.
  12. A key management system, comprising a terminal and a certificate authentication server, wherein:
    the terminal is configured to generate, in a local secure area, a device key including a device public key and a device private key, and to send local device parameters and the device public key to the certificate authentication server;
    the certificate authentication server is configured to feed back a device certificate to the terminal, the signature data of the fed-back device certificate being generated by the certificate authentication server signing the device parameters and the device public key with the authentication private key of the certificate authentication server; and
    the terminal is further configured to store the device private key and the device certificate in the secure area.
  13. The system according to claim 12, further comprising an application server; wherein the terminal is further configured to: generate a certificate chain of an application running locally; generate an application certificate verification request corresponding to the application when a biometric authentication authorization request triggered by the application is received; and send the certificate chain of the application, together with the application certificate verification request, to the application server corresponding to the application;
    the application server is configured to: when it stores the authentication certificate in the certificate chain, verify the received certificate chain according to the stored authentication certificate and then feed the verification result back to the terminal; and when it does not store the authentication certificate in the certificate chain, pass the certificate chain to the certificate authentication server through a secure channel, obtain from the certificate authentication server the verification result that the certificate authentication server produced by verifying the certificate chain, and feed that verification result back to the terminal;
    wherein the certificate chain includes an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate is used to sign to generate the signature data of the device certificate, and the authentication public key of the authentication certificate is used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate is used to sign to generate the signature data of the application certificate, and the device public key of the device certificate is used to decrypt the signature data of the application certificate.
  14. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of the method according to any one of claims 1 to 9.
  15. A computer device, comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following operations:
    generating, in a local secure area, a device key including a device public key and a device private key;
    sending local device parameters and the device public key to a certificate authentication server;
    receiving a device certificate fed back by the certificate authentication server, the signature data of the device certificate being generated by signing the device parameters and the device public key with an authentication private key of the certificate authentication server; and
    storing the device private key and the device certificate in the secure area.
  16. The computer device according to claim 15, wherein the computer program, when executed by the processor, causes the processor to perform the following operations:
    generating an application key of an application in the secure area when an application key generation instruction triggered by the application running locally is obtained, the application key including an application public key and an application private key;
    signing, in the secure area, the application parameters of the application and the application public key with the device private key to generate an application certificate of the application; and
    storing the application private key and the application certificate in the secure area in association with each other.
  17. The computer device according to claim 16, wherein the computer program, when executed by the processor, causes the processor to perform the following operations:
    obtaining digest information of the application parameters of the application and the application public key;
    encrypting the digest information with the device private key to obtain signature data; and
    generating the application certificate of the application from the signature data obtained by encryption.
  18. The computer device according to claim 16, wherein the computer program, when executed by the processor, causes the processor to perform the following operations:
    obtaining an authentication certificate that includes the authentication public key corresponding to the authentication private key;
    using the authentication certificate, the device certificate, and the application certificate as a certificate chain of the application; and
    storing the certificate chain in the secure area.
  19. The computer device according to claim 18, wherein the computer program, when executed by the processor, causes the processor to perform the following operations:
    generating an application certificate verification request corresponding to the application when a biometric authentication authorization request triggered by the application is received;
    sending the certificate chain of the application, together with the application certificate verification request, to an application server corresponding to the application;
    receiving a verification result fed back by the application server after the application server verifies the received certificate chain according to an authentication certificate stored on the application server; and
    granting the application permission to perform biometric authentication when the verification result indicates that verification passed.
  20. The computer device according to claim 19, wherein the computer program, when executed by the processor, causes the processor to perform the following operations:
    receiving a verification result that the application server, when it does not store the authentication certificate, obtains from the certificate authentication server through a secure channel and feeds back; the verification result being obtained by the certificate authentication server verifying the certificate chain according to an authentication certificate stored on the certificate authentication server, after the certificate authentication server receives through the secure channel the certificate chain uploaded by the application server.
  21. A computer device, comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following operations:
    receiving an application certificate verification request;
    obtaining a certificate chain corresponding to the application certificate verification request; the certificate chain including an authentication certificate, a device certificate, and an application certificate; the authentication private key corresponding to the authentication certificate being used to sign to generate the signature data of the device certificate, and the authentication public key of the authentication certificate being used to decrypt the signature data of the device certificate; the device private key corresponding to the device certificate being used to sign to generate the signature data of the application certificate, and the device public key of the device certificate being used to decrypt the signature data of the application certificate;
    verifying, when an authentication certificate identical to the authentication certificate in the certificate chain exists locally, the device certificate and the application certificate according to the authentication public key of the authentication certificate in the certificate chain; and
    feeding back a verification result indicating that verification passed when both the device certificate and the application certificate pass verification.
  22. The computer device according to claim 21, wherein the computer program, when executed by the processor, causes the processor to perform the following operations:
    looking up the authentication certificate of the certificate chain in a revoked authentication certificate list;
    looking up locally, when the authentication certificate of the certificate chain is not in the revoked authentication certificate list, an authentication certificate identical to the authentication certificate in the certificate chain;
    verifying, when an authentication certificate identical to the authentication certificate in the certificate chain is found, the device certificate according to the authentication public key of the authentication certificate in the certificate chain; and
    verifying, when the device certificate passes verification, the application certificate according to the device public key of the device certificate.
  23. The computer device according to claim 21, wherein the computer program, when executed by the processor, causes the processor to perform the following operations:
    receiving device parameters and a device public key;
    obtaining digest information of the device parameters and the device public key;
    encrypting the digest information with the authentication private key to obtain signature data; and
    generating the device certificate from the signature data obtained by encryption and feeding it back.
PCT/CN2019/083875 2018-06-06 2019-04-23 Method, apparatus and system for key management, storage medium, and computer device WO2019233204A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2020546477A JP7297360B2 (en) 2018-06-06 2019-04-23 Key management method, device, system, computer equipment and computer program
US16/926,317 US11516020B2 (en) 2018-06-06 2020-07-10 Key management method, apparatus, and system, storage medium, and computer device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810574128.7A CN108768664B (en) 2018-06-06 2018-06-06 Key management method, device, system, storage medium and computer equipment
CN201810574128.7 2018-06-06

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/926,317 Continuation US11516020B2 (en) 2018-06-06 2020-07-10 Key management method, apparatus, and system, storage medium, and computer device

Publications (1)

Publication Number Publication Date
WO2019233204A1 true WO2019233204A1 (en) 2019-12-12

Family

ID=63999191

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/083875 WO2019233204A1 (en) 2018-06-06 2019-04-23 Method, apparatus and system for key management, storage medium, and computer device

Country Status (4)

Country Link
US (1) US11516020B2 (en)
JP (1) JP7297360B2 (en)
CN (1) CN108768664B (en)
WO (1) WO2019233204A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112836238A (en) * 2021-02-18 2021-05-25 支付宝(杭州)信息技术有限公司 Verification method, device, equipment and system based on privacy protection
CN113055182A (en) * 2021-03-15 2021-06-29 中国工商银行股份有限公司 Authentication method and system, terminal, server, computer system, and medium
CN114499891A (en) * 2022-03-21 2022-05-13 宁夏凯信特信息科技有限公司 Signature server system and signature verification method
JP2022533871A (en) * 2020-04-23 2022-07-27 グーグル エルエルシー Privacy preserving application and device error detection
CN115379450A (en) * 2022-07-25 2022-11-22 中国第一汽车股份有限公司 Data processing method and device and electronic equipment

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768664B (en) * 2018-06-06 2020-11-03 腾讯科技(深圳)有限公司 Key management method, device, system, storage medium and computer equipment
CN109508562B (en) * 2018-11-30 2022-03-25 四川长虹电器股份有限公司 TEE-based trusted remote verification method
KR102263877B1 (en) * 2018-12-18 2021-06-14 시큐리티플랫폼 주식회사 Unique encryption key generator for device and method thereof
EP3674934A1 (en) * 2018-12-26 2020-07-01 Thales Dis France SA Biometric acquisition system and method
CN110348204B (en) * 2019-06-17 2023-05-16 海光信息技术股份有限公司 Code protection system, authentication method, authentication device, chip and electronic equipment
CN112118211A (en) * 2019-06-20 2020-12-22 北京京东尚科信息技术有限公司 Device communication method, device, system, medium, and electronic device
CN111193748B (en) * 2020-01-06 2021-12-03 惠州市德赛西威汽车电子股份有限公司 Interactive key security authentication method and system
CN111401901B (en) * 2020-03-23 2021-06-04 腾讯科技(深圳)有限公司 Authentication method and device of biological payment device, computer device and storage medium
CN113472720B (en) * 2020-03-31 2024-02-06 山东云海安全认证服务有限公司 Digital certificate key processing method, device, terminal equipment and storage medium
SG10202003630VA (en) * 2020-04-21 2021-09-29 Grabtaxi Holdings Pte Ltd Authentication and validation procedure for improved security in communications systems
CN111414638B (en) * 2020-04-23 2023-03-24 飞天诚信科技股份有限公司 Method and device for realizing distinguishing key generation mode
EP3923612A1 (en) * 2020-06-09 2021-12-15 Deutsche Telekom AG Method and communication system for ensuring secure communication in a zero touch connectivity-environment
US11595218B2 (en) * 2020-06-23 2023-02-28 Arm Limited Authorization delegation
CN111770199B (en) * 2020-08-31 2020-12-08 支付宝(杭州)信息技术有限公司 Information sharing method, device and equipment
CN111814132B (en) * 2020-09-14 2021-08-03 浙江地芯引力科技有限公司 Security authentication method and device, security authentication chip and storage medium
CN114362951B (en) * 2020-10-13 2024-05-17 花瓣云科技有限公司 Method and device for updating certificates
US11246032B1 (en) * 2020-10-29 2022-02-08 Motional Ad Llc Device provisioning and authentication
EP4002756B1 (en) * 2020-11-24 2022-11-02 Axis AB Systems and methods of managing a certificate associated with a component located at a remote location
CN113034096B (en) * 2021-02-03 2022-09-06 浙江富安莱科技有限公司 Intelligent research and development and production information system
CN115460083B (en) * 2021-06-09 2024-04-19 贵州白山云科技股份有限公司 Security acceleration service deployment method, device, medium and equipment
CN114257382B (en) * 2022-01-30 2024-06-11 支付宝(杭州)信息技术有限公司 Key management and service processing method, device and system
CN114785514B (en) * 2022-03-23 2023-11-14 国网上海能源互联网研究院有限公司 Method and system for application license authorization of industrial Internet of things terminal
CN115001749B (en) * 2022-05-05 2024-02-09 中科创达软件股份有限公司 Equipment authorization method, device, equipment and medium
CN115276963B (en) * 2022-06-13 2024-06-14 云南电网有限责任公司 Intelligent key-based power grid security management method, system and medium
CN115529181A (en) * 2022-09-28 2022-12-27 中国农业银行股份有限公司 Authentication method, device, equipment and storage medium
US20240144232A1 (en) * 2022-10-28 2024-05-02 Stripe, Inc. Systems and methods for terminal device attestation for contactless payments
CN116506134B (en) * 2023-06-28 2023-09-15 山东海量信息技术研究院 Digital certificate management method, device, equipment, system and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801029A (en) * 2004-12-31 2006-07-12 联想(北京)有限公司 Method for generating digital certificate and applying the generated digital certificate
CN101777978A (en) * 2008-11-24 2010-07-14 华为终端有限公司 Method and system based on wireless terminal for applying digital certificate and wireless terminal
CN106533691A (en) * 2016-10-18 2017-03-22 北京信安世纪科技有限公司 Method and device for verifying validity of digital certificate
CN107104795A (en) * 2017-04-25 2017-08-29 上海汇尔通信息技术有限公司 Method for implanting, framework and the system of RSA key pair and certificate
CN107392588A (en) * 2017-06-21 2017-11-24 深圳市欧乐在线技术发展有限公司 A kind of payment mechanism and its implementation based on signaling network
CN108768664A (en) * 2018-06-06 2018-11-06 腾讯科技(深圳)有限公司 Key management method, device, system, storage medium and computer equipment

Family Cites Families (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6233685B1 (en) * 1997-08-29 2001-05-15 Sean William Smith Establishing and employing the provable untampered state of a device
JP4463998B2 (en) 1999-04-09 2010-05-19 マイクロソフト コーポレーション Protected online music distribution system
FI108389B (en) * 1999-04-15 2002-01-15 Sonera Smarttrust Oy Management of subscriber identity modules
DE60115072T3 (en) * 2000-09-21 2010-04-01 Research In Motion Ltd., Waterloo SYSTEM AND METHOD FOR SUBMITING A SOFTWARE CODE
EP1361527A1 (en) * 2002-05-07 2003-11-12 Sony Ericsson Mobile Communications AB Method for loading an application in a device, device and smart card therefor
US20050076198A1 (en) * 2003-10-02 2005-04-07 Apacheta Corporation Authentication system
JP4692922B2 (en) * 2005-03-16 2011-06-01 日本電気株式会社 Local terminal, remote terminal, application access control system, operation method thereof, and operation program
EP1732263A1 (en) * 2005-06-07 2006-12-13 Sony Ericsson Mobile Communications AB Method and apparatus for certificate roll-over
KR100736091B1 (en) * 2005-12-09 2007-07-06 삼성전자주식회사 Apparatus and method for managing a plurality of certificates
US8140843B2 (en) * 2006-07-07 2012-03-20 Sandisk Technologies Inc. Content control method using certificate chains
JP2009543208A (en) * 2006-07-07 2009-12-03 サンディスク コーポレイション Content management system and method using certificate chain
CN101512535B (en) * 2006-08-31 2011-05-18 国际商业机器公司 Attestation of computing platforms
US8064605B2 (en) * 2007-09-27 2011-11-22 Intel Corporation Methods and apparatus for providing upgradeable key bindings for trusted platform modules
US8369526B2 (en) * 2008-02-12 2013-02-05 Discretix Technologies Ltd. Device, system, and method of securely executing applications
EP2340633B1 (en) * 2008-10-22 2018-09-26 BlackBerry Limited Pushing certificate chains to remote devices
JP2011151679A (en) * 2010-01-22 2011-08-04 Ricoh Co Ltd Electronic device
WO2012170130A1 (en) * 2011-06-10 2012-12-13 Certicom (U.S.) Limited Implicitly certified public keys
JP2013150179A (en) * 2012-01-19 2013-08-01 Sony Corp Information processing apparatus, information storage device, information processing system, information processing method, and program
US9083531B2 (en) * 2012-10-16 2015-07-14 Symantec Corporation Performing client authentication using certificate store on mobile device
CN103916848B (en) * 2013-01-09 2019-06-14 中兴通讯股份有限公司 A kind of method and system of mobile terminal data backup and recovery
CN103945374A (en) * 2013-01-18 2014-07-23 深圳市华营数字商业有限公司 Method of mobile terminal equipment and user authentication based on PKI technology
JP6079394B2 (en) 2013-04-11 2017-02-15 富士通株式会社 Certificate generation method, certificate generation apparatus, information processing apparatus, communication device, and program
WO2015108410A1 (en) * 2014-01-15 2015-07-23 Xorkey B.V. Secure login without passwords
CN105743855B (en) * 2014-12-10 2019-05-21 广东华大互联网股份有限公司 A kind of safety control system of Internet application equipment and its distribution, application method
JP6403583B2 (en) * 2015-01-21 2018-10-10 キヤノン株式会社 Distribution management server and distribution management method for distributing updated applications
CN106209730B (en) * 2015-04-30 2020-03-10 华为技术有限公司 Method and device for managing application identifier
US9503449B1 (en) * 2015-05-12 2016-11-22 Payoda Inc. Application centric centralized certificate management system for managing certificates across data centers
US10164963B2 (en) * 2015-10-23 2018-12-25 Oracle International Corporation Enforcing server authentication based on a hardware token
US9882894B2 (en) * 2015-12-15 2018-01-30 Verizon Patent And Licensing Inc. Secure authentication service
CN105704123B (en) * 2016-01-08 2017-09-15 腾讯科技(深圳)有限公司 A kind of methods, devices and systems for carrying out business processing
KR102444239B1 (en) * 2016-01-21 2022-09-16 삼성전자주식회사 Security Chip, Application Processor, Device including security Chip and Operating Method thereof
KR101821645B1 (en) * 2016-02-17 2018-01-25 중부대학교 산학협력단 Key management method using self-extended certification
JP2017175226A (en) * 2016-03-18 2017-09-28 株式会社インテック Program, method and system for issuing public key certificate
CN106096962A (en) * 2016-06-12 2016-11-09 财付通支付科技有限公司 Electronic certificate processing method and electronic certificate processing means
US10320571B2 (en) * 2016-09-23 2019-06-11 Microsoft Technology Licensing, Llc Techniques for authenticating devices using a trusted platform module device
US10437985B2 (en) * 2016-10-01 2019-10-08 Intel Corporation Using a second device to enroll a secure application enclave
CN108476226B (en) * 2016-12-22 2021-06-22 华为技术有限公司 Application program authorization method, terminal and server
KR101816653B1 (en) * 2017-02-14 2018-02-21 주식회사 코인플러그 Method for providing login flow via authentication based on public key infrastructure in response to user’s login request for using service provided by service provider server in use of smart contract with blockchain database and server using the same
CN108667609B (en) * 2017-04-01 2021-07-20 西安西电捷通无线网络通信股份有限公司 Digital certificate management method and equipment
CN108667781A (en) * 2017-04-01 2018-10-16 西安西电捷通无线网络通信股份有限公司 A kind of digital certificate management method and equipment
EP3402152B1 (en) * 2017-05-08 2019-10-16 Siemens Aktiengesellschaft System-specific automated certificate management
CN109218263B (en) * 2017-07-04 2021-06-08 斑马智行网络(香港)有限公司 Control method and device
GB2566263A (en) * 2017-09-01 2019-03-13 Trustonic Ltd Post-manufacture certificate generation
CN109474432B (en) * 2017-09-07 2021-11-02 西安西电捷通无线网络通信股份有限公司 Digital certificate management method and device
US20190109877A1 (en) * 2017-10-11 2019-04-11 Microsoft Technology Licensing, Llc Secure application metering
US10841086B2 (en) * 2018-02-06 2020-11-17 Wickr, Inc. Facilitating communications using hybrid cryptography
CN110278084B (en) * 2018-03-16 2021-10-15 华为技术有限公司 eID establishing method, related device and system
CN108183804B (en) * 2018-03-28 2021-01-26 湖南东方华龙信息科技有限公司 Certificate sharing method
CN110417554A (en) * 2018-04-26 2019-11-05 华为技术有限公司 A kind of method and device for verifying terminal device identity
CN110445614B (en) * 2019-07-05 2021-05-25 创新先进技术有限公司 Certificate application method and device, terminal equipment, gateway equipment and server
US11431502B2 (en) * 2020-09-18 2022-08-30 Citrix Systems, Inc. Enhanced token transfer
US11296933B1 (en) * 2021-03-26 2022-04-05 Sensormatic Electronics, LLC Secure low-latency and low-throughput support of rest API in IoT devices

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2022533871A (en) * 2020-04-23 2022-07-27 グーグル エルエルシー Privacy preserving application and device error detection
JP7135210B2 (en) 2020-04-23 2022-09-12 グーグル エルエルシー Privacy preserving applications and device error detection
US11928237B2 (en) 2020-04-23 2024-03-12 Google Llc Privacy preserving application and device error detection
CN112836238A (en) * 2021-02-18 2021-05-25 支付宝(杭州)信息技术有限公司 Verification method, device, equipment and system based on privacy protection
CN112836238B (en) * 2021-02-18 2023-10-27 支付宝(杭州)信息技术有限公司 Verification method, device, equipment and system based on privacy protection
CN113055182A (en) * 2021-03-15 2021-06-29 中国工商银行股份有限公司 Authentication method and system, terminal, server, computer system, and medium
CN113055182B (en) * 2021-03-15 2022-11-08 中国工商银行股份有限公司 Authentication method and system, terminal, server, computer system, and medium
CN114499891A (en) * 2022-03-21 2022-05-13 宁夏凯信特信息科技有限公司 Signature server system and signature verification method
CN114499891B (en) * 2022-03-21 2024-05-31 宁夏凯信特信息科技有限公司 Signature server system and signature verification method
CN115379450A (en) * 2022-07-25 2022-11-22 中国第一汽车股份有限公司 Data processing method and device and electronic equipment

Also Published As

Publication number Publication date
CN108768664B (en) 2020-11-03
JP7297360B2 (en) 2023-06-26
US11516020B2 (en) 2022-11-29
JP2021516495A (en) 2021-07-01
US20200344072A1 (en) 2020-10-29
CN108768664A (en) 2018-11-06

Similar Documents

Publication Publication Date Title
WO2019233204A1 (en) Method, apparatus and system for key management, storage medium, and computer device
US11757662B2 (en) Confidential authentication and provisioning
US11356280B2 (en) Personal device security using cryptocurrency wallets
US20210367795A1 (en) Identity-Linked Authentication Through A User Certificate System
US10652015B2 (en) Confidential communication management
US9847880B2 (en) Techniques for ensuring authentication and integrity of communications
US20210319132A1 (en) Methods and Devices For Managing User Identity Authentication Data
US20190173873A1 (en) Identity verification document request handling utilizing a user certificate system and user identity document repository
WO2017020452A1 (en) Authentication method and authentication system
EP2954639A1 (en) Method and apparatus for embedding secret information in digital certificates
CN114172747B (en) Method and system for group members to obtain authentication certificate based on digital certificate
CN112583588B (en) Communication method and device and readable storage medium
CN115242471A (en) Information transmission method and device, electronic equipment and computer readable storage medium
CN110401535B (en) Digital certificate generation, secure communication and identity authentication method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 19814448; Country of ref document: EP; Kind code of ref document: A1

ENP Entry into the national phase
    Ref document number: 2020546477; Country of ref document: JP; Kind code of ref document: A

NENP Non-entry into the national phase
    Ref country code: DE

122 Ep: pct application non-entry in european phase
    Ref document number: 19814448; Country of ref document: EP; Kind code of ref document: A1